Login Start a Free Trial

solutions

See What’s New

External Link

All Features

Discounted Rates

ShipStation API

use cases

Integrations

All Integrations

Carriers

Online Stores and Shopping Carts

Marketplaces

Listing Tools and Multichannel

Ecommerce Tools

Popular

Resources

Resource Hub

Newsroom

Blog

Customer Stories

Help Center

Community Forum

Company

Protect Yourself—and Your ShipStation Account—From Phishing

Published on March 20, 2025
Written by Benjamin Jenkins

First documented in the mid-1990s, phishing is one of the most pervasive cybersecurity threats today. Cybercriminals frequently target online commerce platforms to gain access to a treasure trove of financial details, customer information, and sensitive business data.

This guide will cover the basics of phishing, help you recognize phishing attempts, and give you best-practices for keeping your accounts, including your ShipStation account, safe and secure.

What Is Phishing?

Phishing is a type of social engineering cyberattack in which fraudsters trick individuals into revealing sensitive information. These attacks can take many forms, including:

  • Traditional phishing: Mass emails sent to deceive their recipients into providing their sensitive personal details
  • Spear phishing: Personalized attacks that target specific individuals or organizations
  • Whale phishing: Fraudulent emails aimed at top-level executives or other high-profile business targets
  • Credential phishing: Attempts to steal the recipient’s ShipStation login details 
  • HTTPS phishing: Deceptive websites that appear secure due to HTTPS encryption
  • Voice phishing (vishing): Social engineering attacks conducted over the phone
  • SMS text message phishing (smishing): Attacks using fake text messages to trick recipients
  • QR-code phishing (quishing): Fraudulent QR codes directing users to malicious sites
  • Deepfake impersonations: AI-generated audio, photos, and video used to mimic trusted individuals

How Phishing Works

Cybercriminals can be clever. They exploit human psychology by creating a sense of urgency, disguising their emails to look like legitimate business communications, and using convincing language to pressure you into acting quickly.

According to SlashNext’s mid-year The State of Phishing 2024 report, phishing attacks have skyrocketed by 4,151% since ChatGPT’s public release in late 2022. This is partly due to the rapid advancement of generative artificial intelligence (GenAI). Attackers—especially those using GenAI—produce increasingly more sophisticated and convincing messages, which makes phishing even harder to detect.

Why ShipStation Users Could Be Targeted

As a shipping and ecommerce management platform, ShipStation holds valuable user data, including shipping records and customer contact information. Because of this wealth of available information, ShipStation accounts are an attractive target for cybercriminals looking to exploit businesses and their clients.

Phishing Examples Targeting ShipStation Users

Phishers may use a variety of deceptive tactics to trick ShipStation users:

  • Emails impersonating ShipStation support: You might receive an email claiming to be from ShipStation support or billing, requesting login details or payment information. ShipStation will never email you asking you to provide this information.
  • Emails with fake login links: A phishing email could try to trick you into entering your user credentials on a fake login page. 
  • Emails with fraudulent shipping updates: You could also receive an email containing fake tracking information or order confirmations—complete with malicious links.

Watch for These 8 Phishing Red Flags

Phishing emails may not immediately stand out as potential fraud, but if you know the warning signs, you can avoid falling prey. Be on the lookout for warning signs in emails or messages related to your ShipStation account, such as:

  1. Suspicious sender addresses with misspellings (such as “Shipstation” or “ShlpStation” instead of “ShipStation”) or odd domains (for example, “gmail.com” rather than the official ShipStation domain, “shipstation.com”)
  2. Generic greetings and language instead of personalized messages
  3. Poor grammar, unnatural language, typos, and spelling errors
  4. Requests for sensitive information such as passwords or financial details
  5. Unusual or unexpected emails about your ShipStation account
  6. Links to unfamiliar, suspicious, or spoofed websites
  7. Links that appear to point to a known website but instead direct you to another domain
  8. Attachments from unknown senders (commonly PDF attachments)

What To Do if You Suspect a Phishing Attempt

If you encounter a suspicious email or message, never click on any links or open its attachments. Instead, report the email to ShipStation support and then to the Anti-Phishing Working Group (APWG).

For added security, change your ShipStation password immediately as a precaution.

How To Protect Your ShipStation Account From Phishing Attacks

Follow these Federal Trade Commission Consumer Advice recommendations to recognize and avoid phishing scams and reduce your risk of falling victim.

  • Create and use strong, unique passwords and avoid reusing them across different platforms.
  • Enable two-factor authentication for your account to ensure only you can access it.
  • Be cautious about clicking links in emails. To access your account, it’s much more prudent to type the website’s known URL into your browser’s address bar.
  • Regularly check your ShipStation account activity for any suspicious actions.
  • Update your computer’s software and browser regularly to protect against security vulnerabilities.
  • Use malware-detecting security software on your computer and set it to update automatically to handle any new security threats.

How ShipStation Protects You

ShipStation takes security seriously. Our platform employs Adaptive Multi-Factor Authentication (AMFA), strict password requirements, and fraud alerts to safeguard your account. But even so, it’s crucial to stay vigilant and know the signs of a phishing attack.

Stay Vigilant and Report Suspicious Activity

Cyber threats evolve constantly, and staying informed, alert, and cautious can help you protect your ShipStation account from potential fraud. If something just doesn’t seem right, trust your gut instincts. Report any suspicious activity to ShipStation support, and forward any suspected phishing emails to the APWG. Most importantly, always prioritize security in your day-to-day operations to protect yourself, your business, and your customers.

With ShipStation, you have all the tools you need to scale your ecommerce business in one secure platform. Start your free trial today!

Topics

Benjamin Jenkins

Benjamin Jenkins

More articles by Benjamin Jenkins →

More Posts

Introducing ShipStation API: ShipEngine’s Next Evolution 
Today, we’re excited to announce ShipStation API, a unified solution that combines the reliability and innovation of ShipEngine with the power of the ShipStation brand. Since 2017, ShipEngine has been…
Read More
The Next Era of Ecommerce: Key Trends and Strategies for 2025
In developed regions such as North America and Europe, the ecommerce market has moved past its rapid growth phase, but it continues to evolve.  The online retail industry has become…
Read More
Scale Your Business Internationally with GlobalPost
International shipping is your business’s key that unlocks more customers around the world. However, cross-border shipping can be a hurdle many growing businesses have a hard time clearing. Luckily, reaching…
Read More