Intro: Some users have received order notices or refund emails claiming to be from Global-e — many of these are impersonation phishing messages. This note covers the common scripts and recognition points so you can tell real from fake in the first moment and avoid leaking sensitive info.
Background: Attackers often have recipient names, order numbers, and delivery addresses — enough basic info to feel like an "official notice." Emails or texts attach short links demanding verification codes or payment info on a webpage, or redirect to imposter support.
Core pattern breakdown:
1) Script signals: common openings include "order anomaly needs confirmation," "refund requires account verification," "invoice reissue please log in," "delivery failed please re-pay," then steering to a form or chat.
2) Links & domains: impersonation notices mostly use short links, or domains that differ from the official by one or two characters. Buttons lead to external forms. Certificate-to-domain mismatch is a key risk signal.
3) Request content: any request for recovery phrase, private keys, verification codes, or remote assistance is phishing. Legitimate notices prompt you to view order status — they never request keys.
4) Propagation paths: besides email, the same scripts appear in social-media DMs and instant-messaging groups. The more scattered the source and the more urgent the tone, the more suspicious.
Common misconceptions:
Q: The sender quoted the order number — is it trustworthy? A: Not necessarily; order info can be leaked or scraped. Still need to verify domain and channel.
Q: Can I click the "contact support" button in the email? A: No, type the official URL manually or check in-app.
Q: Do refunds require bank-card info? A: Legitimate refunds happen in the official workflow — they don't collect sensitive info through an email form.
Risk guidance: When you get an order-related notice, stop and check order status manually via the official app or site first. Decline any request for recovery phrase or extension installation. Save email headers and timestamps, and report to official support if needed.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.
