How to recognize a fake Shopify email before falling victim to a scam

Email scams (phishing) are becoming more and more common, and e-merchants on Shopify are a prime target. Cybercriminals send fake emails in the name of Shopify to steal your login credentials or banking information.
In this article, I explain how to identify a fake Shopify email, the tell-tale signs, and best practices to protect your store.

What is a fake Shopify email?

A fake Shopify email is a fraudulent message that appears to come from Shopify, but whose objective is to:

• steal your login information (phishing)
• lure you into clicking a malicious link
• install malware

These emails are often very realistic, with the Shopify logo and a professional tone.

Signs that an email is fake

Sender's email address

• A real Shopify email always comes from an official domain (e.g., @shopify.com).
• Check that the address is not suspicious: @shopify-support-secure.com or @shopfy.com = fake.

Message content

• Spelling and grammar: an email with errors or an overly alarming tone is suspicious.
• Links: hover your mouse over the link before clicking. If the link does not go to shopify.com, do not click.

Unusual requests

• Shopify will never ask for your password by email.
• If the email asks you to pay an invoice immediately or threatens to close your store, be wary.

How to verify if an email is from Shopify

• Log in directly to your Shopify account via shopify.com to check if the information is true.
• Consult the notification history in your admin.
• Look for the email in the Shopify Help Center.

What to do if you receive a fake email

• Do not click on any links.
• Do not download attachments.
• Forward the message to safety@shopify.com to report it.
• Delete the email from your inbox.

Fake Shopify emails are a real danger, but by following these simple steps, you can protect your business.
Vigilance is the best weapon: always check the sender, links, and requests before taking action.