Phishing refers to scams involving identity thefts where fake websites and emails or messages are used. A phishing attack can put your sensitive information in danger. You need to protect your online store by taking precautions against any phishing attacks on your Shopify account.

Shopify Store Security

Phishing attacks may involve fake messages or emails that appear to come from trusted, authentic sources. You need to be wary of messages coming from fake or hacked accounts as these could be phishing attacks. It is essential to be on the lookout of any such attempts, to protect your online store.

Phishing messages may consist of calls to action or CTAs like clicking on a given link, opening an attachment or making a file download. Such messages and links comprise of malware like trojans, viruses or bots that can infect and corrupt your device. Be it a PC, laptop or mobile; if you respond to any of the CTAs mentioned above, you are putting your sensitive information at risk of being misused.

Phishing scams may also involve you to share private,  sensitive information as an email or other messages. You may also be asked to provide your data through a fake phone number or form, or even a fake, phony address. You must also be wary of fraudulent requests at making changes to your password, which can be very dangerous for your online store.

It is recommended that you forward any messages of this kind to the safety inbox of Shopify, By doing so, Shopify will be better able to provide protection to all its merchants.

Watching Out For Any Warning Signs

To keep yourself protected from any phishing attacks, you can keep an eye on different signs that are dangerous to the security of your personal information.

  • Language that is overtly generic is known to be a typical characteristic of phishing. Messages may appear to come from trusted and recognized organizations and may open with general statements such as ‘To the account holder or dear account holder”, followed by requests to provide personal information.
  • Phishing messages may also look like business messages coming from a private account, which may appear to be a real one.
  • Unlike seasoned content writers, phishing criminals are least concerned about content quality, and you may find grammatical errors and problems in the spellings, numbers, punctuation, formatting, etc.
  • The use of an alarming or excited tone should also be watched out for. Messages that seem too frightening such as those hinting at failures in the server which requires you to make alterations to your password, username, etc. are to be carefully reviewed. At the same time, when messages are too unrealistic, like a 90 percent discount on something, then these are nothing but phishing scam attempts at illegally retrieving personal information.
  • You must also closely watch out for any URLs that may appear legitimate but are fake.

How To Raise Your Concerns

You may contact the assumed sender of such messages by speaking with someone from their organization. You must make sure that they are using a number that appears on various reputable, reliable sources online.

Website URL Should Be ‘https’

It is important to note that if you are connecting to websites using the ‘http://’ URL, you may be putting your information at risk. Ideally, a safe website starts with an ‘https://’ and shows a lock icon which indicates that the site is encrypted.

Do Not Open Unreliable Attachments Or Links

Many times, you may receive messages containing forms, links, and attachments as phishing attacks. Before opening such links, attachments, etc., you must make sure that these are reliable ones. Clicking on these can take you to unreliable malicious sites which not only puts your sensitive information to be at risk of getting stolen but also may cause malware to corrupt your device.

Being Careful With Public Wifi Connections

Public wifi can put your data at risk of being used by criminals. You must always make sure to use legitimate hotspot connections. Many times, wifi hotspots may be named similar to popular ones in the area, and so it is essential to confirm the legitimacy of a given wifi hotspot for the security of your personal information.

It is also important to note that public networks also put you at risk of being in the same system as a possible phishing attacker. To keep such attacks at bay, you must put off file sharing and enable your firewall, before you make a connection.

Also, it is recommended to use a Virtual Private Network (VPN) to send your information to the internet, to ensure protection from possible attacks at your information being robbed.

Following Government Guidelines For Compromised Information

Personal information that can be used to identify with you, such as your full name, address, email id, credit card number, driver’s license or birth date, etc. may be stolen in a phishing attack. In such cases, you may approach the FBI- Internet Crime Complaint Center to file a report in the US, or the Canadian Anti-fraud center in Canada, to submit a report.