If you receive a Shein mystery box, do not open it

News
By
published

There's nothing mysterious about phishing

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

If you receive an email with a “Shein mystery box” - don’t open it. There’s nothing mysterious about it, and it’s not from Shein. It is a phishing email, coming from unidentified hackers, looking to steal your personal information.

Earlier this week, cybersecurity researchers from Harmony Email observed more than 1,000 phishing emails being sent out, impersonating Shein. 

For those unfamiliar with Shein, it’s one of the world’s most popular shopping platforms, with more than 500 million downloads on the Google Play Store, alone. It offers female clothing lines, accessories, and footwear. Harmony claims it owes its popularity to inexpensive clothing and generally low prices. 

Red flags

Shein was founded in China in 2008, and being so popular, is a major target for impersonators and similar fraudsters. Harmony reminds that hackers often run fake gift card scams on Instagram and across the web, impersonating the retailer.

The recipients would get an email seemingly coming from Shein, and claiming that they had won a redeemable “mystery box”. Those that click on the image in order to “redeem” the gift are redirected to a fake Shein website where they’re invited to share their personal information. 

There are numerous red flags in this email campaign, making it easy to spot. First, the sender’s email address is nowhere near Shein’s official domain. It includes “a jumble of random letters” which is definitely not the way a reputable company would address its customers. Also, the email does not contain any branding or logos. 

Finally, the URL of the website where the visitors are redirected is obviously not the Shein website. 

Phishing emails have never been as prevalent as they are today, despite email service providers’ best efforts to filter them out. The best way to stay safe is to be skeptical of every unexpected email, especially if it requires urgent attention, or action.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Paper craft illustration of a suspicious email that contains a snake
How to spot a phishing email
A scam text from a Post Office delivery
Fake parcel delivery texts are the fastest-growing phishing scam this holiday season – here’s how to avoid them
Fraude en ligne phishing
What is phishing and how dangerous is it?
Representational image of a hacker
Email scams vs Phishing - is there a difference?
Bitcoin
Fake Ledger data breach emails used to trick victims into giving up recovery phrases
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
HTC Viverse

The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
See more latest
Most Popular
HTC Viverse
The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel