Can you spot new phishing scams in your emails?

Topic summary

Multiple merchants are reporting phishing emails impersonating Shopify, with fraudulent domains like “shopity.com” and “shopity.center” instead of the legitimate shopify.com. The scam emails use urgent subject lines like “[Chargeback] Shopify Payout” and appear to come from fake Shopify addresses.

Key Warning Signs:

  • Misspelled domain names in sender addresses
  • Urgent or alarming subject lines about chargebacks or payouts
  • Requests for sensitive account or banking information

Recommended Actions:

  • Do NOT click any links or provide sensitive information via email
  • Report suspicious emails to safety@shopify.com with full headers attached
  • Review Shopify’s Help Center guide on identifying real vs. fake emails
  • If you clicked anything: run anti-malware software, update all passwords (email and Shopify), enable two-factor authentication, review account settings and payment integrations

Shopify staff confirmed these are phishing attempts and thanked users for raising awareness to protect other merchants.

Summarized with AI on November 22. AI used: claude-sonnet-4-5-20250929.

Got a very suspicious-looking Shopify admin email, misspelled to shopity.com. The mail said Urgent in the subject line and looked suspicious; it’s misspelled to shopity.center. It’s hard to detect unless you look for it.

Find attachment and beware


I received one, too.

I just got one this morning too. Very sneaky with the “shopity” spelling.

Thanks for posting.

Hi @Sainomono @Delc and @KeyboardMine

Thank you for sharing that phishing email here so that other merchants can recognize these emails when they come in. We appreciate your diligence in this matter!

To clarify for anyone else that comes upon this thread: if you receive an email that you believe is a phishing email pretending to be Shopify, these are the steps you can take to report the email and ensure that your account is secure:

IMPORTANT: Do not click on any of the links in the email. Do not provide your account information, bank information or any other sensitive information through the email. There are rare situations where Shopify may require you to submit sensitive documents, and 99.99% of the time that will be done directly through your store admin using a secure upload feature.

Please review our Help Center information for confirming if an email is real or fake: Protect your account against phishing. In situations like this we ask that you please send this email as an attachment to our Safety and Security team at safety@shopify.com. It is important to ensure that you are including the headers with that email as our team uses that to trace where the email came from. If you aren’t sure how to do that, you can follow these steps from Google.

In case you did end up clicking on anything, or are unsure about the security for your account, please follow the steps below and reach out to our live support for additional help:

  1. We recommend securing your devices by running anti-malware software.
    It is also advised that you ensure your wifi is secured according to the instructions provided by your ISP.
  2. Update the password for your email account login and enable any additional security features that your email service provider offers - for example Two-Step Authentication, also known as Two-Factor Authentication
  3. Update your password for your Shopify account
  4. Ensure you are using a strong unique password. We have a handy resource I’d recommend looking over called: Generate unique passwords with a password vault
  5. Once you have updated your Shopify account password, I would suggest enabling two-step authentication for extra security at login. More information on this can be found here.
  6. Review and update your banking details for Shopify payments to make sure you have the right account connected.
    See how here. We also recommend checking the ‘Accepted Payments’ section within Shopify Payments settings and making sure that all the major payment methods you would like to accept are selected.
  7. Check all third-party gateway integrations to make sure the correct accounts are linked - for example PayPal Express checkout - you can do so in the Settings > Payments section of your store’s admin
  8. Review any orders that may appear suspicious and reach out to the customer or cancel and refund suspicious looking orders to prevent chargebacks. If you’d like to find out more information about chargebacks please visit our Help Center here: Chargebacks and inquiries
  9. Review general account settings to make sure information is appearing as it should (general settings, staff accounts, staff permissions, orders, discounts etc.) - for more information about staff accounts specifically, please visit our Help Center here: Managing staff

To ensure that anyone else that views this thread is able to see these steps I will be marking this thread as solved. Please don’t hesitate to let us know if you have any security concerns about your account with Shopify.

  • Shay

I received this email a few days ago. Please be aware…

Subject: [Chargeback] Shopify Payout

From: Shopify mctseng@mail.nsysu.edu.tw

![Screenshot 2023-03-16 at 11-54-09 Chargeback Shopify Payout - everlushseamoss@gmail.com - Gmail.png|686x715](upload://wX2tns3kOEyzTaQWIv8tzXtir5K.png)

I received this exact same message last night but from a different email address. So many red flags, but it did make me pause. Mirroring your comment - Please be aware!
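The two sender patterns reported in this thread (a look-alike domain such as shopity.com, and a "Shopify" display name on an unrelated domain) can be checked mechanically from the From header. The following is an added example, not part of the original posts and not Shopify's own tooling; the allowlist, the distance threshold of 2 and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "shopify"
# Assumption: the only domain this thread names as legitimate.
LEGIT_DOMAINS = {"shopify.com"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]

def check_sender(raw_message):
    """Return findings for the From header; an empty list means nothing flagged."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ["no parsable sender address"]
    if domain in LEGIT_DOMAINS or any(domain.endswith("." + d)
                                      for d in LEGIT_DOMAINS):
        return []
    findings = []
    # Compare every label except the TLD with the brand name, so both
    # "shopity.com" and a brand label under a foreign TLD are caught.
    if any(edit_distance(label, BRAND) <= 2
           for label in domain.split(".")[:-1]):
        findings.append(f"brand or look-alike label in {domain}")
    # Display name claims the brand while the address does not belong to it.
    if BRAND in name.lower():
        findings.append(f"display name '{name}' on unrelated domain {domain}")
    return findings

# Constructed sample messages modelled on the reports in this thread
# (local parts and the example.edu host are made up).
SAMPLES = [
    "From: Shopify <billing@shopity.com>\nSubject: [Chargeback] Shopify Payout\n\n.",
    "From: Shopify <admin@shopity.center>\nSubject: Urgent\n\n.",
    "From: Shopify <someone@mail.example.edu>\nSubject: [Chargeback] Shopify Payout\n\n.",
    "From: Shopify <no-reply@shopify.com>\nSubject: Your payout\n\n.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw.splitlines()[0], "->", check_sender(raw) or "nothing flagged")
```

An empty result only means the visible sender did not trip these two checks; a From header can be forged, which is why the full headers requested above are still needed to trace where a message came from.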