All things Shopify and commerce
To continue receiving payouts, you need to secure your account by turning on two-step authentication. If two-step authentication is not turned on your payouts will be paused. Learn more
I’ve at some times received scammy emails fake emails trying to be Shopify’. But I’m not sure is this one is legitimate. Any help or recommendations? I can’t have my store shut down. It’s the sole income for my husband and I.
email is from
risk-management@shopify.com
Solved! Go to the solution
Did they say they are reviewing it and will get back to you? Or was there no conclusion?
I sent them an email reply and they were brief but courteous. They said no further action required. I did not remove my product because the name is merely a coincidence. I'm not stepping on any trademarks.
This is an accepted solution.
Hi everyone! Thank you again for all your feedback on this topic. Please continue to add it to this thread and I will make sure to add a like to your feedback to let you know that it has been received. I fully support the idea of adding these communications into the admin as well and I hope we can make that happen.
To help with any confusion surrounding tickets of this type, the ticket ID for many of them will be formatted like this:
It will be a mix of letters and numbers and is different from the tickets numbers you would receive from our standard support. Our standard ticket numbers are only numerical and are around 8-10 numbers long. Tickets that match the format above are handled by a separate team and our live support doesn't have direct access to the content of these tickets. With the ticket number they should be able to confirm though if this ticket is legitimate.
I am going to mark this response as the "Solution" so that other merchants in a similar situation can find this information easier. Please continue to add your feedback to this thread and I will make sure it is passed along on your behalf.
Shay | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Hi Shay and other Shopify support team members; specifically targeting GRC.
Am an senior Information Security professional, CISSP #431307. I have conducted many (1000+) of these social engineering techniques to get people to give up information.
This particular format of an email is called Spear Phishing which uses key areas.
1. Claims to be from a reputable source
2. Is tailored and targeted by referencing a specific item the recipient would know.
3. Adds a sense of urgency by stating the store would be shut down.
4. Hides the true site by using a link.
5. Adds "legitimacy" by referencing a legal site as well as a ticket number.
The email that has been sent out to everyone, literally checks all of the boxes used in the spear phishing attack arsenal.
As an InfoSec professional, I knew to immediately contact support. That is even with possessing the technical ability to review email headers and safely investigate the url in the link sent. Not everyone has that luxury of understanding these attack signatures.
In that light, the Shopify GRC team should know better and should be a responsible net-citizen, not contributing to the behavior of bad actors.
Hence, my recommendation would be two fold.
1. As Shay and others pointed out, place this message in the Admin console.
2. Send out a notification email (with no links in it), requesting the person log into their Admin console to take action. Direct them where in the portal to take action.
Michael B. Morell, CISSP #431307
Information Security Professional and Evangelist
DirectionWeb Inc.
Am I the only one less than convinced about the wisdom of just signing such a document.? Shopify seems to be pushing very hard with the 'you're best to just sign it' without offering any info about why a particular store has been flagged and what evidence they are willing to supply to reinforce the demand that you sign.
My email, like most of the others, said it 'appears' that you selling branded etc etc. I replied telling them that I'm not and their only reply was to block access to my admin.
@Smorris88 No further action was taken. My store is still up and running after I removed the product that was violating the trademark issue.
I have vintage webshop and got the same email 2 days ago. I am stressed out and don't know what to do. I see that you can select the option "I sell used authentic products", maybe is that an option for the vintage sellers? Please let me know if anyone has an idea..
how did you know which product is trademark ?
If you are selling branded items and do not have a license to sell them then I would say those are the items you need to remove.
Hey after you removed the products that were trade marked did shopify uplift your payment holds or did they just refund all the customers?
Shopify never put any payment holds on my account. I complied to their request before the date they gave me and it was business as usual.
User | RANK |
---|---|
65 | |
45 | |
30 | |
28 | |
26 |
Learn these 5 things I had to learn the hard way with starting and running my own business
By Kitana Jan 27, 2023Would you love to unleash the unbridled power of the Google Shopping Channel into your sho...
By Gabe Jan 6, 2023How can you turn a hobby into a career? That’s what Emmanuel did while working as a wa...
By Skye Dec 30, 2022