If you see a receipt in your Shop app for a purchase you didn’t make, proceed with caution. Scammers have managed to insert fake orders—that appear to be from legitimate companies like Apple, Norton, and PayPal—into Shop users’ histories as part of a callback phishing campaign.
Fake purchase receipts are a favorite scam tactic for PayPal impersonators, who frequently use email notifications to trick targets into calling a fraudulent support number or clicking a phishing link.
How the Shop order scam works
As BleepingComputer reports, Shop users are seeing fake invoices in addition to real purchases in their order tracking history. These fraudulent receipts may say that a charge (usually for a large amount) has been processed, an order has been prepared, or a subscription has been renewed.
They also list an email and/or phone number for disputing the purchase, but if you call, you’ll reach scammers pretending to be support agents. The goal is to get customers to hand over personal information like login credentials, credit card information, or authentication codes or even download malware that lets scammers remotely access your device.
Researchers at cybersecurity firm Gen Digital, which identified the scam, found that these fake purchase notifications contain some obvious red flags, like poor grammar and spelling. However, Shop is a widely used and largely trusted app, so users have little reason to suspect a scam and therefore may be more likely to call a support line or engage with a receipt in some way. Plus, a notification inside an app may raise fewer alarms than a phishing email.
Your Shop history tracks orders paid for with Shop Pay and purchased from stores that use Shopify as long as you entered the email associated with your Shop account at checkout. It also pulls tracking information from Gmail and Outlook by scanning messages for keywords like “tracking number” and “track your package,” so you may see pending deliveries that originated outside the Shop ecosystem.
Researchers note that it’s not clear exactly how threat actors are inserting fake orders into user histories, nor is there evidence that Shop, Shopify, or any companies being impersonated have been breached. Shop has simply said that they are implementing “new controls” to mitigate the issue.
What to do if you see a Shop purchase you don’t recognize
Don’t automatically assume a receipt for an unknown purchase is legitimate, whether it pops up in the Shop app or your email. Check your bank or credit card statements as well as your account history with the listed vendor to see if there’s a purchase that matches. If you don’t find one, the invoice itself is almost certainly a scam, and you should not engage with it. Don’t call the number, send an email, or click any links.
If you haven’t done any of these things, you can just ignore the notification or report it directly to Shop and the listed vendor. If you’ve called or given up any information, change your password (ideally on a different device) and keep an eye on any suspicious login attempts or unfamiliar charges on your accounts.
Â
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.