"Phishing" is an Internet scam that uses deception to compromise the security of your personal information. In many cases, these scams are performed via an email that looks legitimate, but ultimately clicks through to a fake site made to look like the service you are used to dealing with.
A phishing message might ask you to complete tasks such as the following:
- Log into or Confirm your account via a link
- Download a file
- Open an attachment
Phishing scams may also ask you to provide the personal information via email or messaging systems, through a form, or by calling a fraudulent phone number. Even a simple request to reset your login can be dangerous.
Ways to Tell if a Message is Phishing
Although the messages seem to be legitimate, there are some ways to tell if they are fake. Here's an example of a phishing message:
- Note the use of language:
Many phishing scammers are not located in the same country as the service they are passing themselves off as. So you may see odd uses of language. For example, note the "We face a problem in the ratification of the real owner of the account" part of the message. This seems to have been translated incorrectly and used for the wording of the message. Also note the rather impersonal greeting of "Hi There!" in the message. Most legitimate emails Shift4Shop will send will include your name in the greeting.
- Examine the links:
If the message contains a link, hover over it with your mouse (but don't click it!). Most email programs will show you the URL that the link is pointing to when you hover over it. If not, right-click and copy the link and then paste it into notepad so you can see it. Make sure that the URL is legitimately associated with your service. In the above example, the link goes to a shortened URL which ultimately resolves to a fake *.ru site that was made to look real. Real Shift4Shop emails will always point to full URLs to either Shift4Shop's home page or to your store's URL. If you ever doubt the link's legitimacy, navigate to Shift4Shop (or your store) directly instead of clicking the link!
- Never communicate Sensitive information via Email:
If the message asks for sensitive information, do not provide it! Shift4Shop has access to your store's admin already, so we'll never need to ask for sensitive information.
- When in doubt, CALL US!:
As mentioned, phishing messages can sometimes look and "feel" real. So if you ever have a doubt, please call us to confirm it's a real message. We're here 24 hours a day and we have records of your account's communications, so we can tell pretty quickly whether the message is legitimate or not. And as always, our phone number is 1-800-828-6650.
- Consider using 2-factor authentication on your store:
Back in versin 8.1, we introduced 2-step verification as a login option to the Online Store Manager. This will ensure that your store remains secure, even if your senstive information was compromised via phishing. For more information, click here