Order-tracking app Shop abused to push callback phishing attacks

Threat actors are abusing Shopify's Shop app by inserting fake purchase receipts into user order histories. The fake orders impersonate Norton, McAfee, Apple, and PayPal, listing phone numbers that connect to scammers posing as support agents. Victims are tricked into disclosing credentials or installing remote access software.