If you receive an email with a “Shein mystery box” – don’t open it. There’s nothing mysterious about it, and it’s not from Shein. It is a phishing email, coming from unidentified hackers, looking to steal your personal information.
Earlier this week, cybersecurity researchers from Harmony Email observed more than 1,000 phishing emails being sent out, impersonating Shein.
For those unfamiliar with Shein, it’s one of the world’s most popular shopping platforms, with more than 500 million downloads on the Google Play Store, alone. It offers female clothing lines, accessories, and footwear. Harmony claims it owes its popularity to inexpensive clothing and generally low prices.
Red flags
Shein was founded in China in 2008, and being so popular, is a major target for impersonators and similar fraudsters. Harmony reminds that hackers often run fake gift card scams on Instagram and across the web, impersonating the retailer.
The recipients would get an email seemingly coming from Shein, and claiming that they had won a redeemable “mystery box”. Those that click on the image in order to “redeem” the gift are redirected to a fake Shein website where they’re invited to share their personal information.
There are numerous red flags in this email campaign, making it easy to spot. First, the sender’s email address is nowhere near Shein’s official domain. It includes “a jumble of random letters” which is definitely not the way a reputable company would address its customers. Also, the email does not contain any branding or logos.
Finally, the URL of the website where the visitors are redirected is obviously not the Shein website.
Phishing emails have never been as prevalent as they are today, despite email service providers’ best efforts to filter them out. The best way to stay safe is to be skeptical of every unexpected email, especially if it requires urgent attention, or action.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews