Security · 1h ago
Shopify's Shop app abused for callback phishing attacks
Threat actors are adding fake purchase receipts to users' Shop app order histories to trick them into calling a number for a refund. The call leads to social engineering attempts to steal sensitive data or install remote access software. Shopify says it is aware and taking action against the abuse.
Meridian48 take
This attack exploits user trust in a legitimate app, highlighting how phishing evolves beyond email to infiltrate everyday tools.
Read the full reporting
Order-tracking app Shop abused to push callback phishing attacks →
Bleeping Computer
phishingshopify