Warning Email phishing scam Shopify domain auto-renew

Shopify Discussion
1

Morn’in Everyone.

I just got off the chat box with Shopify customer support regarding a suspicious email I received yesterday. They suggested I post it to the Shopify community forum as they believe it is a phishing scam.

Here are the details of the email:

From: (SHOPIFY) brian.charlton01@gmail.com

Subject: New Order Arrived! But Your Shop Has Issue

Email message: As a friendly reminder, your Shopify.com Domain is set to auto-renew on Dec 24, 2020.

Subscription Payment: $20.00

To keep your store online and accept the charge to the credit card above, action is required. If you want us to charge a different card, please (these next words are blue highlighted to link) “update your billing information” now.

(Then a blue “Billing Portal” button to push)

This update keeps your Shopify Active customers orders so you can access them instantly if needed.

Find out about (another link) “automatic domain renewal” at the Shopify Help Center

(Shopify logo and name that looks authentic)

(copyright logo) Shopify 151 O’Connor Stree, Ground floor, Ottawa, ON K2P 2L8

(Footer)

(linked words) “Avenue Livingstone 20, 1000 Bruxelles” , 1000, Bruxelles, Belgium

You may (link) “unsubscribe” or “change your contact details” at any time

Powered by

(logo) GetResponse

2

Hey, @Solandra !

Thanks for bringing this to our attention and letting other users be aware so it doesn’t happen to anyone else!

This is in fact a phishing email, and NOT a legitimate email from Shopify, please continue to NOT click on any links or download any attached files. There are rare situations where Shopify may require you to submit sensitive documents and 99.99% of the time that will be done directly through your store admin using a secure upload feature. We are working hard to mitigate these types of emails but unfortunately still get around.

In case you did end up clicking on anything or are unsure about the security of your account, please follow the steps below and reach out to our live support for additional help:

  • We recommend securing your devices by running anti-malware software. It is also advised that you ensure your wifi is secured according to the instructions provided by your ISP.

  • Update the password for your email account login and enable any additional security features that your email service provider offers.

  • Update your password for your Shopify account. Ensure you are using a strong unique password.

  • Once you have updated your Shopify account password, I would suggest enabling two-step authentication for extra security at login.

  • Review and update your banking details for Shopify payments to make sure you have the right account connected. We also recommend checking the ‘Accepted Payments’ section within Shopify Payments settings and make sure that all the major payment methods you would like to accept are selected.

  • Check all third-party gateway integration to make sure correct accounts are linked - for example, PayPal Express checkout - you can do so in Settings > Payments section of your store’s admin.

  • Review any orders that may appear suspicious and reach out to the customer or cancel and refund suspicious-looking orders to prevent chargebacks.

  • Review general account settings to make sure information is appearing as it should - ( general settings, staff accounts, staff permissions, orders, discounts, etc.)

To be proactive against potential phishing attacks in the future, we recommend you visit the page below to be better informed:

If you continue to receive these emails may I kindly ask you to forward them to our Safety team by emailing safety@shopify.com. If possible, can you please follow these steps to send the complete email including headers? as our team uses that to trace where the email came from.

To ensure that anyone else that views this thread is able to see these steps I will be marking this thread as solved. Please don’t hesitate to let us know if you have any security concerns about your account with Shopify.

Cheers,