Don’t Take the Bait: Email Scams Targeting Online Business Owners

Running an online business means constantly being on alert - not just for customer needs or supply chain hiccups, but for something more sinister: email scams.

Scammers are getting smarter and more persuasive. One of their favorite targets? Online business owners who rely on platforms like Shopify, PayPal, or Amazon to keep their stores running.

In this post, we’ll expose the common types of scam emails, share real-world examples (including a fake Shopify email and a $20,000 loss by one of our clients), and give you five essential tips to protect yourself and your store.


Phishing Emails: What Are They?

Phishing emails are fake messages that appear to come from trusted companies. Their goal? Trick you into:

  • Clicking malicious links
  • Giving away your login credentials
  • Downloading malware
  • Revealing sensitive business data

For ecommerce store owners, the risks are high. A successful scam can lock you out of your store, damage your reputation, or even steal your customers' data.


Real Example #1: Fake Shopify Account Suspension Email

Here’s a real example of a scam email that recently landed in an online store owner’s inbox:

Red Flags in This Message:

  1. Message came from a @gmail address - Official Shopify emails always come from @shopify.com.

  2. Vague reasoning - No explanation, issue reference number, or account-specific details.

  3. No Shopify branding or secure links - No logos, formatting, or verification links.

  4. Request to reply by email - Shopify would not ask you to confirm your identity via email in their first contact.


Real Example #2: David’s $20,000 Invoice Scam

Last year, one of our clients - David - fell victim to a much more costly scam.

He received what looked like a regular email from one of his suppliers. It included a $20,000 invoice and payment instructions. Since these kinds of transactions were part of David’s normal operations, he made the payment.

A week later, the actual supplier emailed him asking why the invoice hadn’t been paid.

David was stunned. After some digging, he discovered that the earlier email had come from a scammer using a domain with only one letter different from his supplier’s real address. The invoice looked identical to the supplier’s usual format - and because of that, he didn’t think twice before paying.

The result? David lost $20,000. The money was gone, and unfortunately, it was not recoverable.


Other Common Email Scam Tactics

In addition to fake platform emails and impersonated suppliers, here are other types of scams to watch for:

  1. Fake Invoices from PayPal or QuickBooks
    You receive a notice for a $750 “pending payment” and are urged to call a number or click a button to cancel.

  2. Amazon Suspension Alerts
    Claims your Amazon Seller account is at risk and urges you to log in via a spoofed website.

  3. Domain Renewal Scams
    Emails warn you that your domain is expiring soon, but link to an unrelated payment portal.

  4. Trademark Violation Notices
    Threatens legal action unless you “click here to view the complaint.”

  5. Fake Customer Service Requests
    Phony order issues with attachments or links that install malware.

  6. Warnings from Facebook and other social media platforms
    Fake emails threatening to 'suspend' your account.

Five Smart Ways to Protect Yourself

  1. Never Click Suspicious Links
    Hover over links to see where they really go. If it’s not the official site - don’t click.

  2. Double-Check Sender Email Addresses
    Watch out for extra characters, missing letters, or domains that look almost right.

  3. Use Multi-Factor Authentication (MFA)
    This adds a second layer of security - even if someone gets your password, they still can’t log in.

  4. Verify Payments Through a Second Channel
    If you receive new payment instructions or an unusually large invoice, call or text your contact directly to confirm.

  5. Educate Your Team
    Make sure anyone handling email, orders, or payments knows how to spot red flags.


What To Do If You Get a Suspicious Email

  1. Don’t click anything
  2. Don’t reply
  3. Report it to your platform (for example, Shopify’s phishing report page: https://www.shopify.com/phishing)
  4. Mark it as spam
  5. When in doubt, get a second opinion - from your IT support, partner, or advisor

Print a Reminder

Scam emails can hit anyone — even experienced business owners. To help you and your team stay alert, we’ve created a simple, printable checklist you can hang near your computer or in your store’s workspace. 

Download the Email Scam Checklist (PDF)

This guide was prepared by BrandFirewall, an app that protects brands from domain related scams.

 


About the author: Art Palvanov

Art is a creative director and co-founder of Shop Innovator. He loves working with entrepreneurs on web design projects and digital marketing campaigns. On our blog he shares ideas on technology, creativity and business.
