Spoofing Shein For Credential Harvesting

By Jeremy Fuchs, Cybersecurity Researcher/Analyst Check Point Software LTD

Shein is one of the most popular shopping apps in the world. In fact, it’s the second most downloaded shopping app globally, with over 251 million downloads.

The e-commerce platform is Googled more frequently than major brands like Nike and Adidas. Shein gained popularity for its inexpensive clothing and low prices. However, the company has faced significant criticism for its poor human rights record.

Additionally, according to a TIME report, Shein has been exploited by scammers in various ways, including the use of fake gift cards on Instagram and counterfeit websites.

That brings us to the focus of today’s report. Researchers from Harmony Email will discuss how hackers are impersonating Shein in an effort to steal user credentials. Over the last month, they have identified more than 1,000 of these fraudulent emails.

Email Example of Shein

The email arrives with a tempting subject line: “Order Verification SHEIN” – claiming to be from Shein customer service. But a closer look reveals a red flag – the sender’s email address doesn’t match Shein’s official one.

The email excitedly announces you’ve received a mystery box from Shein. However, the included link won’t bring you a surprise gift; it leads to a fake website designed to steal your personal information (a credential harvesting site).

This phishing attempt is quite transparent. It preys on your excitement by claiming you’ve won a prize and uses the trusted brand name “Shein” to gain your trust. However, a vigilant user can easily spot the scam: check the sender’s email address (it shouldn’t be random letters) and verify that any links lead to legitimate Shein web pages.


Just like other phishing attempts, scammers are trying to capitalize on popular brands and current trends to trick you. This time, they’re using Shein.

There are several red flags that this email isn’t legitimate. First, there’s a strong sense of urgency surrounding the “mystery box” offer, which is designed to create excitement and pressure you into clicking.

Another clue? The email address itself is a jumble of random letters, not a recognizable Shein address. You won’t find any Shein branding or logos in the email either. Finally, the link in the email won’t take you to an official Shein webpage, but to a fraudulent website designed to steal your information.

Over the last month, we’ve seen over 1,000 of these attacks.

  • Make sure you don’t click on links from websites whose address isn’t the official one and check the email’s source.
  • Check the address of the website and the sender’s name for spelling and punctuation errors on websites that look real.
  • Ensure the email is free of spelling errors. Pay attention to the language in the email: are you expecting to be addressed in this language by your shipping company?

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button