If you own a Shopify store, or have just become the owner of one, you have probably already encountered some sort of Shopify chargeback phishing email. These emails are very well made in appearance, to make you believe they really do come from Shopify.
Since almost all Shopify store owners have encountered some form of Shopify chargeback from a customer, these phishing emails seem very familiar and you are very likely to click the link in the email. But that is exactly what you should not do – DO NOT CLICK ON THE LINK IN THE SHOPIFY CHARGEBACK EMAIL!
The best practice is to go to your browser and open your Shopify management page directly, without clicking the link in the phishing email.
What to look for in a Fake Shopify Phishing Email
Because these scammers don’t have access to your Shopify store, they make small mistakes that you can pick up on to realize the email is a phishing attempt.
One of the first indicators is the Reply-to email address. The REAL Shopify will normally send their email from [email protected]. The particular email that I received today came from [email protected]. You can tell that they spelled Shopify with a zero instead of the letter o. But there are other indicators in these Shopify chargeback phishing emails.
The first line in the phishing email I received read:
A customer opened a chargeback for order #28660.
I don’t use only numbers for my orders. I use a combination of letters and numbers for this particular reason, and to better identify my order numbers. If you only use numbers in the structure of your order numbers then it becomes more confusing. I use letters and numbers to identify my Shopify e-commerce store, and then the first numbers also identify the year. You can even use letters and numbers to identify your store, year and month if you have a large number of orders.
Here is what this phishing email said:
A customer opened a chargeback for order #28660.
The customer told their bank that this order was fraudulent.
The bank has returned $336.77 to the customer and charged you a $95.00 fee for this chargeback.
We have collected evidence that will be automatically sent to the customer’s bank on June 31, 2022 at 7:00 pm. You can submit any evidence up until that date.
Submit response
There are 3 ways to resolve a chargeback:
Add additional evidence that might help your case and review what we collected for you before it’s submitted to the customer’s bank
Contact the customer to resolve the issue with them directly.
If you agree that this chargeback is justified, accept the chargeback and fees
Chargeback summary for order #28660
Customer: Kellie Laskowski
Reason: fraudulent
Chargeback amount: $336.77 USD
Chargeback fee: $95.00 USD
Total: $431.77 USD
Find out about chargebacks at the Shopify Help Center.
The wording is very well structured to make you think it’s a real email. But the appearance is where they did a great job of trying to make it look like a real email.
Here is a screenshot of the email I received:
They really put some work into this Shopify Chargeback Phishing Email.
If you clicked on the link in a Shopify phishing email
If you clicked on the link in a Shopify phishing email, IMMEDIATELY CHANGE YOUR SHOPIFY PASSWORD. I would also suggest you contact Shopify support and report the email you received and have them check your account to ensure no changes were made by the people trying to phish your Shopify account.
Another of these Shopify Phishing Chargeback Emails
On 9/25 I received another one of these phishing emails trying to grab Shopify login information. The email was titled: “Chargeback response for order #19089 was submitted”
Here is how the email read:
A chargeback response for order #19089 was submitted to the customer’s bank.
We will let you know when the bank reaches a decision about this chargeback. This process can take up to 75 days.
Review order
Chargeback summary for order #19089
Customer: David Rosenthal
Reason: fraudulent
Chargeback amount: $3520.20 USD
Chargeback fee: $15.00 USD
Total: $3535.20 USD
Fortunately, the link given in this email has already been reported as a phishing website.
How to prevent or reduce the scare with these phishing emails.
One way to easily identify these phishing emails is to use a combination of letters and numbers for your Shopify order numbers.
For example, I use OLS22-(order#). The first three letters are the initials for my store, then the year, and I start my orders at series 1000. So if you were the first order of the year, you would be OLS22-1001. Because these order numbers are unique to my store, the scammers who send out the phishing emails don’t have the right order numbers, which gives me an easy way to identify the scam.
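The two checks described in this post (a sender domain that spells Shopify with a zero, and an order number that does not follow the store's own scheme) can be automated. The following is an added example, not code from the original post; the trusted domain, the digit-swap table and both sample messages are constructed assumptions, and the order pattern follows the OLS22-1001 scheme above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the original post): the trusted domain, the brand label
# and the sample messages below are constructed for illustration.
TRUSTED_DOMAINS = {"shopify.com"}
BRAND = "shopify"
DIGIT_SWAPS = str.maketrans("0135", "oles")       # undo swaps such as 0 -> o
ORDER_FORMAT = re.compile(r"OLS\d{2}-\d{4,}")     # store initials + year + number

def is_trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def is_lookalike(domain):
    """Untrusted domain with a label that reads as the brand once digit swaps are undone."""
    return not is_trusted(domain) and BRAND in domain.translate(DIGIT_SWAPS).split(".")

def check_email(raw):
    """Return a list of findings for a raw single-part, plain-text message."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        domain = parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()
        if domain and is_lookalike(domain):
            findings.append(f"{header}: lookalike domain {domain}")
        elif domain and not is_trusted(domain):
            findings.append(f"{header}: untrusted domain {domain}")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    for order in sorted(set(re.findall(r"order #([\w-]+)", text))):
        if not ORDER_FORMAT.fullmatch(order):
            findings.append(f"order number not in store format: {order}")
    return findings

PHISH = """\
From: Shopify <billing@sh0pify.example>
Reply-To: billing@sh0pify.example
Subject: Chargeback opened for order #28660

A customer opened a chargeback for order #28660.
"""

GENUINE = """\
From: Shopify <notifications@shopify.com>
Subject: Chargeback opened for order #OLS22-1001

A customer opened a chargeback for order #OLS22-1001.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(name, check_email(raw))
```

An empty result is not proof that a message is genuine, because From headers can be forged; opening the Shopify admin page directly in the browser remains the safe way to check a chargeback.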