    Fake Orders Are Appearing in Your Shop App. Here's What to Know

    Scammers are injecting fraudulent receipts into Shopify's legitimate Shop app to trick users into calling fake support numbers.

    Source

    GetCyberRight Intelligence

    Original headline: Shop App Callback Phishing Abuse

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Thursday, June 25, 2026

    What's Happening

    Scammers have found a way to insert fake order receipts directly into Shop, the popular order tracking app from Shopify. When you open the app to check on a legitimate package, you might see a fraudulent charge for hundreds of dollars that you never made. This exploit is creating panic and leading people straight into the hands of scammers.

    The Details

    Here's how the scam works. Shop aggregates order confirmations from various retailers into one convenient app. Scammers are exploiting this system by creating fake Shopify stores or compromising existing ones. They then generate fraudulent order receipts that appear alongside your real purchases in the app.

    The fake receipt typically shows an expensive item you never bought, often $500 to $1,000 or more. It includes what looks like a customer service phone number to "cancel the order" or "dispute the charge." The receipt looks completely legitimate because it is actually coming through Shopify's real infrastructure.

    When you call the number in a panic, you reach the scammers themselves posing as customer support. They'll ask for personal information, banking details, or request remote access to your computer to "fix" the problem. This technique is called callback phishing because the scammers want you to call them. It's harder to detect than traditional phishing emails because you initiate the contact yourself instead of clicking a suspicious link.

    Who Is Affected

    This scam specifically targets anyone who uses the Shop app to track deliveries. If you're a frequent online shopper who relies on Shop to monitor packages from multiple retailers, you're in the crosshairs. Families who share devices or accounts are particularly vulnerable because one person might see a charge they assume another family member made.

    Seniors and less tech-savvy users face higher risk because the fake receipt appears inside a trusted app, not in an email from an unknown sender. The psychological pressure of seeing an unauthorized charge creates urgency that overrides normal caution.

    What You Should Do Right Now

    1. Check your actual credit card or bank statement, not just the app. If the charge isn't on your real statement, it's fake.

    2. Never call phone numbers from unexpected order confirmations. Instead, go directly to the retailer's official website and use their contact information.

    3. Review all orders in your Shop app right now. Delete any that look unfamiliar or suspicious. Take screenshots before removing them.

    4. If you already called a suspicious number, contact your bank immediately. Let them know you may have been targeted by fraud. Change passwords for any accounts you discussed.

    5. Before calling any number from a receipt, use GCR Scam Guard to check if it's legitimate. This simple step can save you from a costly mistake.

    The Bigger Picture

    Scammers constantly adapt to wherever people trust the information they see. We've learned to be suspicious of emails and text messages, so criminals are now compromising the apps we use daily. This trend shows why cybersecurity awareness isn't a one-time lesson. It's an ongoing conversation families need to have regularly, especially as scam tactics evolve to exploit our most trusted digital spaces.

    How GetCyberRight Can Help

    Our GCR Scam Guard tool helps you verify suspicious phone numbers and links before you engage with them. When you see an unexpected charge with a callback number, take 30 seconds to check it with Scam Guard first. It analyzes the number against known scam databases and suspicious patterns, giving you an extra layer of protection when panic might otherwise cloud your judgment. Stay safe by verifying first, calling second.
