
Your Shopping App Could Be a Trap: Inside the Shop Order‑Tracking Scam

Published July 3rd, 2026 by Bayonseo

You open your order-tracking app to check on a delivery you've been expecting and notice something concerning: a receipt for a product you never purchased. The invoice displays a sizable charge from a well-known brand, and a phone number is provided to contest the purchase. You call in a panic. That is exactly what the con artists want.


Your Reliable App Is Now a Weapon

Threat actors are increasingly pushing callback phishing attempts by leveraging Shop, Shopify's well-known order-tracking service. Millions of customers trust the app, which has received over 50 million downloads on Google Play and 7 million ratings in Apple's App Store. Order details are immediately extracted from your email and shown in a clear, central dashboard with deliveries from different vendors.

Attackers are now taking advantage of this trust by immediately adding phony purchase receipts to consumers' order histories. These fake orders pose as reputable companies like PayPal, Apple, Norton, and McAfee. Compared to a conventional phishing email, the notification feels much more authentic because it appears inside the official Shop app rather than in a spam folder.


How the Callback Phishing Attack Works

The fictitious receipt lists a phone number for contesting the charge. When the victim calls, they reach a con artist who is pretending to be a customer service representative. The fraudster uses social engineering techniques in an effort to obtain:

  • Account credentials
  • Payment card details
  • One-time authentication codes (OTPs)

In more serious cases, victims are duped into installing remote access software, which gives attackers complete control over their devices. According to the Gen Digital researchers who discovered the campaign, this strategy is more effective than email-based phishing because the bogus receipt appears in a trusted, legitimate app that consumers already rely on.
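For anyone who reviews suspicious receipts on behalf of family or staff, the traits described above (an impersonated brand, a sizable charge, and a phone number offered for contesting it) can be checked mechanically. The Python below is an added example, not code from Gen Digital, Shopify, or Bayon Technologies Group; the phone pattern, word lists, and $200 threshold are assumptions, and both sample receipts are constructed.

```python
import re

# Brands the article lists as impersonated by the fake receipts.
IMPERSONATED_BRANDS = ("paypal", "apple", "norton", "mcafee")
# Assumed pattern: NANP-style numbers written with separators, so that
# unbroken digit runs such as tracking numbers are not mistaken for phones.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}(?!\d)")
AMOUNT_RE = re.compile(r"\$\s?(\d[\d,]*(?:\.\d{2})?)")
CALL_WORDS = re.compile(r"\b(call|dial)\b", re.I)  # assumed word list
DISPUTE_WORDS = re.compile(r"\b(cancel|dispute|contest|refund)\b", re.I)  # assumed

def asks_for_callback(text):
    """True if one sentence both tells the reader to phone in and mentions disputing."""
    return any(CALL_WORDS.search(s) and DISPUTE_WORDS.search(s)
               for s in re.split(r"[.!?\n]+", text))

def triage_receipt(text, large_charge=200.0):
    """Flag receipts that pair a callback number with a brand lure or a big charge."""
    brands = [b for b in IMPERSONATED_BRANDS if re.search(rf"\b{b}\b", text, re.I)]
    phones = [m.group(0) for m in PHONE_RE.finditer(text)]
    amounts = [float(a.replace(",", "")) for a in AMOUNT_RE.findall(text)]
    max_amount = max(amounts, default=0.0)
    # A phone number alone is normal; the lure is a number tied to "call to cancel".
    callback = bool(phones) and asks_for_callback(text)
    suspect = callback and (bool(brands) or max_amount >= large_charge)
    return {"suspect": suspect, "brands": brands,
            "phones": phones, "max_amount": max_amount}

# Constructed sample receipts (555-01xx numbers are reserved for fiction).
FAKE_RECEIPT = """Order confirmed - Norton 360 Premium
Total charged: $499.99
If you did not authorize this purchase, call +1 (888) 555-0147 to cancel and get a refund."""

REAL_RECEIPT = """Your order #1042-3381 has shipped
Apple Watch band x1 - $24.50
Tracking number: 1Z999AA10123456784"""

if __name__ == "__main__":
    for name, body in (("fake", FAKE_RECEIPT), ("real", REAL_RECEIPT)):
        print(name, triage_receipt(body))
```

A flagged receipt is a prompt to verify the charge through the card issuer's own number, and the extracted phone numbers can be kept for reporting.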


A Major Warning Sign, If You Know How to Look

Even if the presentation is polished, many of the phony receipts are badly written. Researchers caution that users facing a big, unexpected invoice might not notice these errors. The shock of a possible unauthorized charge can override rational scrutiny.


How Do These Fraudulent Orders Get In?

The precise method used to insert the bogus receipts is still unknown. Shop can pull orders from several sources, including email parsing, account association, and merchant order procedures. Gen Digital has not found any evidence that Shop, Shopify, or any of the impersonated companies was compromised. The scam remains active while the distribution method is still under investigation.


Defend Yourself Against the Shop Scam

If your Shop app displays a receipt for an order you did not place:

✅ Do not call the phone number on the receipt. It connects to a scammer, not a real support agent.

✅ Confirm any purported charge with your bank immediately, using the phone number on your card or the official website.

✅ If you have already called and supplied important information, reset your account passwords right away and contact your card issuer to deactivate any compromised cards.


What Bayon Technologies Group Can Do to Keep You Safe

These kinds of scams take advantage of your trust in reputable platforms to get past your built-in safeguards. We at Bayon Technologies Group help people and businesses strengthen their defenses against social engineering scams. Among the services we offer are:

  • Security awareness training that teaches you how to spot and handle callback phishing attempts, even when they show up in reputable apps.
  • Incident response guidelines that help you minimize the harm if you or your staff members become victims.
  • Digital privacy assessments to gauge your exposure and lower the chance that your personal data is misused.

Don't let a trusted shopping app turn into your next security breach. To bolster your defenses, get in touch with Bayon Technologies Group right now.

