Don’t Take the Bait: Email Scams Targeting Online Business Owners

Running an online business means constantly being on alert - not just for customer needs or supply chain hiccups, but for something more sinister: email scams.

Scammers are getting smarter and more persuasive. One of their favorite targets? Online business owners who rely on platforms like Shopify, PayPal, or Amazon to keep their stores running.

In this post, we’ll expose the common types of scam emails, share real-world examples (including a fake Shopify email and a $20,000 loss by one of our clients), and give you five essential tips to protect yourself and your store.

Phishing Emails: What Are They?

Phishing emails are fake messages that appear to come from trusted companies. Their goal? Trick you into:

• Clicking malicious links
• Giving away your login credentials
• Downloading malware
• Revealing sensitive business data

For ecommerce store owners, the risks are high. A successful scam can lock you out of your store, damage your reputation, or even steal your customers' data.

Real Example #1: Fake Shopify Account Suspension Email

Here’s a real example of a scam email that recently landed in an online store owner’s inbox:

Red Flags in This Message:

1. Message came from a @gmail address - Official Shopify emails always come from @shopify.com.

2. Vague reasoning - No explanation, issue reference number, or account-specific details.

3. No Shopify branding or secure links - No logos, formatting, or verification links.

4. Request to reply by email - Shopify would not ask you to confirm your identity via email in their first contact.

Real Example #2: David’s $20,000 Invoice Scam

Last year, one of our clients - David - fell victim to a much more costly scam.

He received what looked like a regular email from one of his suppliers. It included a $20,000 invoice and payment instructions. Since these kinds of transactions were part of David’s normal operations, he made the payment.

A week later, the actual supplier emailed him asking why the invoice hadn’t been paid.

David was stunned. After some digging, he discovered that the earlier email had come from a scammer using a domain with only one letter different from his supplier’s real address. The invoice looked identical to the supplier’s usual format - and because of that, he didn’t think twice before paying.

The result? David lost $20,000. The money was gone, and unfortunately, it was not recoverable.

Other Common Email Scam Tactics

In addition to fake platform emails and impersonated suppliers, here are other types of scams to watch for:

1. Fake Invoices from PayPal or QuickBooks
   You receive a notice for a $750 “pending payment” and are urged to call a number or click a button to cancel.

2. Amazon Suspension Alerts
   Claims your Amazon Seller account is at risk and urges you to log in via a spoofed website.

3. Domain Renewal Scams
   Emails warning you that your domain is expiring soon - but link to an unrelated payment portal.

4. Trademark Violation Notices
   Threatens legal action unless you “click here to view the complaint.”

5. Fake Customer Service Requests
   Phony order issues with attachments or links that install malware.

6. Warnings from Facebook and other social media platforms
   Fake emails scaring you about 'suspending' your account. 

Five Smart Ways to Protect Yourself

1. Never Click Suspicious Links
   Hover over links to see where they really go. If it’s not the official site - don’t click.

2. Double-Check Sender Email Addresses
   Watch out for extra characters, missing letters, or domains that look almost right.

3. Use Multi-Factor Authentication (MFA)
   This adds a second layer of security - even if someone gets your password, they still can’t log in.

4. Verify Payments Through a Second Channel
   If you receive new payment instructions or an unusually large invoice, call or text your contact directly to confirm.

5. Educate Your Team
   Make sure anyone handling email, orders, or payments knows how to spot red flags.

What To Do If You Get a Suspicious Email

1. Don’t click anything
2. Don’t reply
3. Report it to your platform (for example, Shopify’s phishing report page: https://www.shopify.com/phishing)
4. Mark it as spam
5. When in doubt, get a second opinion - from your IT support, partner, or advisor

Print a Reminder

Scam emails can hit anyone — even experienced business owners. To help you and your team stay alert, we’ve created a simple, printable checklist you can hang near your computer or in your store’s workspace. 

Download the Email Scam Checklist (PDF)

This guide was prepared by BrandFirewall, an app that protects brands from domain related scams.