Order-tracking app Shop abused to push callback phishing attacks
ID: f9090638-33e7-53f2-ba3c-debd96ff0a82
STIX ID: report--f9090638-33e7-53f2-ba3c-debd96ff0a82
Feed Name: Bleeping Computer
Threat actors are abusing the Shopify-provided Shop app by inserting fraudulent order receipts into users' order histories that include phone numbers for 'support' callbacks; victims who call are socially engineered into revealing credentials, payment information, OTPs, or installing remote-access software. Researchers observed impersonation of major brands (Norton, McAfee, Apple, PayPal), could not determine the delivery vector, and advise users to avoid calling numbers on suspicious receipts, verify charges with banks, reset compromised credentials, and contact card issuers if needed.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
