You’re very welcome! Trusting your instincts was the right call… glad I could help.
Topic summary
Shopify store owners are reporting a phishing scam involving fake order confirmation requests. The scam follows a consistent two-email pattern:
The Attack Method:
- First email: Claims payment was withdrawn but no confirmation received, requests order verification
- Second email: Includes a “bank statement” attachment via password-protected zip file or Google easy-exchange link
- Uses fake identities like “Amy Brown” (teamoku.com), “Patricia Larson,” and “Annie Huber” (thetravellistindonesia.com)
The Actual Threat:
The attached file contains malware that grants remote access to the victim’s computer post-login, bypassing 2FA and passwords. Scammers then use website management systems to contact legitimate customers, requesting duplicate payments or Bitcoin for fake “glitches.”
Protective Actions:
- Never open attachments or click links from these emails
- Request specific order details (order number, date, payment info) - scammers won’t provide them
- If clicked: Run deep scans with Malwarebytes, Bitdefender, AVG, or similar antivirus tools
- Report and block the sender
Multiple users confirmed receiving identical messages. Previous reporting led to takedown of pinfairs.com. The discussion remains active as new variants emerge with different sender identities.
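A mail-triage check for the two indicators in the summary above (a password-protected zip attachment and the sender domains named in the thread), added here as an example and not taken from the thread. The function names, the `billing@` and `shop.example` addresses and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Sender domains named in the thread summary; extend with your own reports.
REPORTED_DOMAINS = {"teamoku.com", "thetravellistindonesia.com", "pinfairs.com"}


def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has bit 0 (encryption) set in its general-purpose flags."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a zip archive at all


def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw message matches the pattern described in the thread."""
    msg = message_from_bytes(raw, policy=policy.default)
    from_header = msg["From"]
    domains = {a.domain.lower() for a in from_header.addresses} if from_header else set()
    reasons = []
    if domains & REPORTED_DOMAINS:
        reasons.append("sender domain reported in thread")
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Inspect content rather than trusting the file extension.
        if zip_is_encrypted(payload):
            reasons.append(f"password-protected zip: {part.get_filename()}")
    return reasons


def build_sample(domain: str, encrypted: bool) -> bytes:
    """Constructed message with a harmless zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.rfind(b"PK\x01\x02")  # central directory file header
        data[cd + 8] |= 0x01            # set the encryption bit in its flag field
    msg = EmailMessage()
    msg["From"] = f"Sender <billing@{domain}>"
    msg["To"] = "owner@shop.example"
    msg.set_content("Please see the attached bank statement.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="statement.zip")
    return msg.as_bytes()
```

Because the thread reports new variants with different sender identities, treat the domain list as the weaker signal and the encrypted attachment as the one worth quarantining for review.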