The Current Shopify Scam

Blog

I've received this email from my Shopify store contact form:

Name: Daisy Wright
Email: Daisy1986@mailforce.net
Body: hi my son-in-law made an order on your store 82 days ago, but still didn't receive it.. this is the order screenshot: https ://bit.ly/[removed] any updates? Thanks regards. Daisy.
Phone: 7113637567

Rather than, you know, f'ing clicking on the bit.ly link (take away: never, ever click random links from unknown senders), I logged into my store.

HEY LOOK, exactly ZERO orders, much less one 82 days ago, or 42 days ago, or whatever.

So, I downloaded the webpage without, you know, actually viewing it, by using wget

What did we get? Well, look at all these redirects:

bash-3.2$ wget https://bit.ly/[fuck-off-spammers]
--2019-08-07 09:01:51--  https://bit.ly/[fuck-off-spammers]
Resolving bit.ly (bit.ly)... 67.199.248.10, 67.199.248.11
Connecting to bit.ly (bit.ly)|67.199.248.10|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://beststuffsinmylife.com/im/click.php?c=1111111111&key=OH-LOOK-HERE [following]
--2019-08-07 09:02:01--  http://beststuffsinmylife.com/im/click.php?c=1111111111&key=OH-LOOK-HERE
Resolving beststuffsinmylife.example.com (beststuffsinmylife.com)... 140.82.7.85
Connecting to beststuffsinmylife.example.com (beststuffsinmylife.example.com)|140.82.7.85|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://rover.ebay.com/rover/1/OH-LOOK-HERE/1?icep_id=111&ipn=icep&toolid=11111&campid=1111111111&mpre=https%3A%2F%2Fwww.ebay.com%2Ftrending [following]
--2019-08-07 09:02:08--  https://rover.ebay.com/rover/1/OH-LOOK-HERE/1?icep_id=111&ipn=icep&toolid=11111&campid=1111111111&mpre=https%3A%2F%2Fwww.ebay.com%2Ftrending
Resolving rover.ebay.com (rover.ebay.com)... 66.135.203.234, 66.135.214.209, 66.211.172.216, ...
Connecting to rover.ebay.com (rover.ebay.com)|66.135.203.234|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.ebay.com/trending [following]
--2019-08-07 09:02:19--  https://www.ebay.com/trending
Resolving www.ebay.com (www.ebay.com)... 23.35.181.189
Connecting to www.ebay.com (www.ebay.com)|23.35.181.189|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘fuck-off-spammers’

You can see a number of domains that are now blocked on the network level on my site (and no, they don't have .example in them).

So, if you own a Shopify store, ignore these spam messages, report them to Shopify (take away 2: shopify is your friend if you have a shopify store: they succeed when you succeed, so, yes, forwarding such spam to safety @ shopify.com is the right action, see https://help.shopify.com/en/manual/your-account/account-security/phishing ).

Comments

And now, Shopify marks said incoming emails as [SPAM].

Good work, all the other shop owners!

Add new comment