If you receive a Shein mystery box, do not open it
There's nothing mysterious about phishing
If you receive an email with a “Shein mystery box” - don’t open it. There’s nothing mysterious about it, and it’s not from Shein. It is a phishing email, coming from unidentified hackers, looking to steal your personal information.
Earlier this week, cybersecurity researchers from Harmony Email observed more than 1,000 phishing emails being sent out, impersonating Shein.
For those unfamiliar with Shein, it’s one of the world’s most popular shopping platforms, with more than 500 million downloads on the Google Play Store, alone. It offers female clothing lines, accessories, and footwear. Harmony claims it owes its popularity to inexpensive clothing and generally low prices.
Red flags
Shein was founded in China in 2008, and being so popular, is a major target for impersonators and similar fraudsters. Harmony reminds that hackers often run fake gift card scams on Instagram and across the web, impersonating the retailer.
The recipients would get an email seemingly coming from Shein, and claiming that they had won a redeemable “mystery box”. Those that click on the image in order to “redeem” the gift are redirected to a fake Shein website where they’re invited to share their personal information.
There are numerous red flags in this email campaign, making it easy to spot. First, the sender’s email address is nowhere near Shein’s official domain. It includes “a jumble of random letters” which is definitely not the way a reputable company would address its customers. Also, the email does not contain any branding or logos.
Finally, the URL of the website where the visitors are redirected is obviously not the Shein website.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Phishing emails have never been as prevalent as they are today, despite email service providers’ best efforts to filter them out. The best way to stay safe is to be skeptical of every unexpected email, especially if it requires urgent attention, or action.
More from TechRadar Pro
- These were the most common phishing emails of 2023 — make sure you don't get caught out as well
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.