Threat actors are abusing the Shop app by planting fake purchase receipts in order histories to trick users into calling scam support numbers and revealing sensitive information. Gen Digital says the fraud is used to steal credentials, payment details, OTPs, and sometimes to push remote access software, while impersonating brands like Norton, McAfee, Apple, and PayPal. #Shop #Shopify #GenDigital #Norton #McAfee #Apple #PayPal
Keypoints
- Scammers are inserting fake receipts into the Shop app’s order history.
- The fake invoices impersonate well-known brands like Norton, McAfee, Apple, and PayPal.
- Victims are directed to call a scam phone number listed in the receipt.
- Attackers use social engineering to steal credentials, payment card details, and OTPs.
- Some victims are also tricked into installing remote access software.