Shein Spoofing: A Ploy to Harvest User Credentials

Shein Spoofing: A Ploy to Harvest User Credentials

Harish Kumar G S

By Harish Kumar G S Executive Director – Sales at Check Point Software Technologies, India & SAARC


Shein is one of the most popular shopping apps in the world. It’s the second most downloaded shopping app globally, with over 251 million downloads.

The e-commerce platform is Googled more frequently than major brands like Nike and adidas.

Shein gained popularity for its inexpensive clothing and low prices. However, the company has faced significant criticism for its poor human rights record.

Additionally, according to a TIME report, Shein has been exploited by scammers in various ways, including the use of fake gift cards on Instagram and counterfeit websites. India’s e-commerce industry has witnessed a significant surge in the past seven years, with its estimated revenue climbing from USD 15.53 Billion in 2017 to USD 63.17 Billion in 2023. This rapid growth has brought about fresh opportunities for e-commerce sector players while also subjecting them to heightened cybersecurity risks and compliance regulations. In India, websites and applications witnessed over 5.14 billion cyber-attacks in 2023, with a 10-fold increase in attacks targeting software-as-a-service (SaaS) companies that store high-value customer data.

The retail and e-commerce industries were also major targets of carding attacks. 8 out of 10 Indian websites faced targeted bot attacks, seeing a 46% increase each quarter, totaling over 467 million bot attacks. The most common cyberattacks targeting the Indian e-commerce sector include phishing, credential stuffing, and Magecart attacks that inject malicious code to steal payment information.

That brings us to the focus of today’s report. Researchers from Harmony Email will discuss how hackers are impersonating Shein in an effort to steal user credentials. Over the last month, they have identified more than 1,000 of these fraudulent emails.