Issue with site

Technical Q&A

Topic summary

A user received an email claiming their Shopify store had security vulnerabilities related to a missing “Referral-policy Header” and threatening account suspension if not addressed. The email suggested upgrading to a premium theme and mentioned contact from Upwork to fix the issue.

Community Response:

  • Multiple respondents identified this as a phishing/fraudulent attempt
  • Free Shopify themes are fully functional; paid themes are unnecessary for basic operations
  • Users should only purchase themes through Shopify’s official theme store, not third-party sites like Upwork

Recommended Actions:

  • Disregard and delete the suspicious email
  • Verify sender email addresses to confirm legitimacy of future communications
  • If any links were clicked or information entered, immediately review and change account passwords
  • Enable two-factor authentication on the Shopify account for added security

Resolution: The user thanked the community for clarifying this was a scam attempt.

Summarized with AI on November 8. AI used: claude-sonnet-4-5-20250929.
1

I will try to make this short. Got an email saying I had an issue with my site. (I have a free theme). So apparently I have no

"Referral-policy Header and the policy header "

and according to the “support help” which was someone from upwork was texting me that they can fix the problem. But it was a very strange way of me paying. It didn’t sit right with me. So my question is if I upgrade to premium theme does it fix the problem with the "referral -policy and such?

2

Hi @Jenishere ,

This sounds like a fraudulent attempt to force you to pay for a theme you don’t need. Free themes offered by Shopify are all you need to sell online although you can buy a paid theme from an approved theme partner via the official theme store if you’re interested in additional features. We would advise against buying a theme from other sites such as Upwork and I’d recommend you disregard this email.

2 Likes
3

Thank you for reply back, I appreciate it. But the original email I received was :
Our system flagged your store due to security vulnerabilities and failure to comply with our user acceptable policies. Failure to address these issues might compromise your store, result in unauthorized entry, and could lead to suspension or permanent deactivation of your account if not handled promptly.

So when I Appeal it that’s when got buddy emailing that I needed to do all this things. So how do I know if this emails im getting from Shopify are legit ?

4

Hey, @Jenishere .

Thanks for following up with the additional context.

It sounds like a phishing email that is trying to get your attention and some of your information. When you receive emails like this, it’s important to double-check the sender’s email as it can help you determine the legitimacy of the email. If you’ve clicked into any links on a phishing email, then we’d recommend reviewing your account(s) or changing your password(s). Also, if you haven’t done so already, we’d recommend enabling two-step authentication for an added layer of security on your Shopify account as well.

If you have any other questions on this topic, then don’t hesitate to let us know.

1 Like
5

Thank you for all your help.