If you receive a Shein mystery box, do not open it

There’s nothing mysterious about phishing

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you receive an email with a “Shein mystery box” - don’t open it. There’s nothing mysterious about it, and it’s not from Shein. It is a phishing email, coming from unidentified hackers, looking to steal your personal information.

Earlier this week, cybersecurity researchers from Harmony Email observed more than 1,000 phishing emails being sent out,impersonatingShein.

For those unfamiliar with Shein, it’s one of the world’s most popular shopping platforms, with more than 500 million downloads on theGoogle Play Store, alone. It offers female clothing lines, accessories, and footwear. Harmony claims it owes its popularity to inexpensive clothing and generally low prices.

Red flags

Red flags

Shein was founded in China in 2008, and being so popular, is a major target for impersonators and similar fraudsters. Harmony reminds that hackers often run fake gift card scams on Instagram and across the web, impersonating the retailer.

The recipients would get an email seemingly coming from Shein, and claiming that they had won a redeemable “mystery box”. Those that click on the image in order to “redeem” the gift are redirected to a fake Shein website where they’re invited to share their personal information.

There are numerous red flags in this email campaign, making it easy to spot. First, the sender’s email address is nowhere near Shein’s official domain. It includes “a jumble of random letters” which is definitely not the way a reputable company would address its customers. Also, the email does not contain any branding or logos.

Finally, the URL of the website where the visitors are redirected is obviously not the Shein website.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Phishing emails have never been as prevalent as they are today, despite email service providers’ best efforts to filter them out. The best way to stay safe is to be skeptical of every unexpected email, especially if it requires urgent attention, or action.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set