Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Shop fake receipt callback phishing campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

Threat actors are abusing Shop by planting fake purchase receipts in order histories, turning a trusted shopping app into a callback-phishing lure that can expose account credentials, payment card details, and OTPs. The abuse also pushes some victims toward remote access software installation. The operation is especially relevant in North America, where Shop is widely used and trusted. No evidence indicates that Shop, Shopify, or the impersonated brands were compromised.

Related Happenings

Google civil lawsuit against Outsider Enterprise

Regulatory/Legal Action
H score55 First: 14.06.2026 17:36 Last: 14.06.2026 17:36 Sources 1

About this happening: **Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...

Open Happening

Sniper Dz free PhaaS ecosystem rebranded to scale phishing operations

Threat Actor Meta
H score43 First: 12.06.2026 11:52 Last: 12.06.2026 11:52 Sources 1

About this happening: A long-running **Sniper Dz** ecosystem operated as a **free phishing-as-a-service (PhaaS)** platform that repeatedly rebranded, lowering the barrier for large-scale credential the...

Latest development: 15.06.2026 09:30

Fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations targeted users across the Middle East and North Africa with fake offers for free mobile internet packages, financial compensation, and government subsidy programs, then routed victims through Linkbio and Linktree decoy pages into Sniper Dz phishing and traffic monetization infrastructure that abuses browser notification permissions, back-button hijacking, tab-under redirections, premium SMS subscriptions, premium-rate calls, and investment scams.

Open Happening

Major web skimming campaign targeting payment networks

Campaign
H score36 First: 13.01.2026 19:30 Last: 13.01.2026 19:30 Sources 1

About this happening: A **long-running Magecart web-skimming campaign** has been active since **2022** and targets checkout flows tied to **American Express, Diners Club, Discover, JCB, Mastercard, and...

Open Happening

China-based groups selling phishing-as-a-service kits for mobile-points smishing

Threat Actor Meta
H score28 First: 05.12.2025 01:02 Last: 05.12.2025 01:02 Sources 1

About this happening: Multiple **China-based cybercriminal groups** are selling **phishing-as-a-service platforms** that reuse the same scam infrastructure across **mobile points**, **tax-refund**, and...

Open Happening

Black Friday-themed phishing campaign using brand impersonation and fake marketing domains

Campaign
H score29 First: 28.11.2025 15:35 Last: 28.11.2025 15:35 Sources 1

About this happening: **Black Friday-themed phishing campaigns** surged **620%** in the weeks before the 2025 shopping period, increasing the risk that shoppers will be drawn into fake offers and **pay...

Open Happening

Timeline

  1. 25.06.2026 22:45 2 articles · 2h ago

    Fake purchase receipts in Shop order histories fuel callback phishing

    Initial Disclosure

    Threat actors are abusing Shop, the Shopify order-tracking app, by inserting fake purchase receipts into users' order histories and using the trust users place in the app to run callback phishing scams that seek account credentials, payment card details, OTPs, or remote access software installation.

    Show sources
    Open in new tab