A phishing campaign is impersonating fashion retailer Shein in an attempt to steal users’ credentials, according to researchers at Check Point.
“The email arrives with a tempting subject line: ‘Order Verification SHEIN’ – claiming to be from Shein customer service,” the researchers explain.
“But a closer look reveals a red flag – the sender’s email address doesn’t match Shein’s official one. The email excitedly announces you’ve received a mystery box from Shein. However, the included link won’t bring you a surprise gift; it leads to a fake website designed to steal your personal information (a credential harvesting site).
This phishing attempt is quite transparent. It preys on your excitement by claiming you’ve won a prize and uses the trusted brand name ‘Shein’ to gain your trust. However, a vigilant user can easily spot the scam: check the sender’s email address (it shouldn’t be random letters) and verify that any links lead to legitimate Shein webpages.”
Check Point notes that scammers can be expected to impersonate any popular brand, and observant users can recognize red flags associated with phishing.
“Just like other phishing attempts, scammers are trying to capitalize on popular brands and current trends to trick you,” the researchers write. “This time, they’re using Shein. There are several red flags that this email isn’t legitimate. First, there’s a strong sense of urgency surrounding the ‘mystery box’ offer, which is designed to create excitement and pressure you into clicking.
Another clue? The email address itself is a jumble of random letters, not a recognizable Shein address. You won’t find any Shein branding or logos in the email either. Finally, the link in the email won’t take you to an official Shein webpage, but to a fraudulent website designed to steal your information.”
Check Point offers the following recommendations to help users avoid falling for phishing attacks:
- “Make sure you don’t click on links from websites whose address isn’t the official one and check the email’s source
- “Check the address of the website and the sender’s name for spelling and punctuation errors on websites that look real
- “Ensure the email is free of spelling errors. Pay attention to the language in the email: are you expecting to be addressed in this language by your shipping company?”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Check Point has the story.
Here's how it works:
