How to recognize and report suspicious emails or messages to avoid scam?

If you receive a suspicious email or message that seems to be from Wish or Wish employees, and the message requests that you provide passwords, verification codes, API access token, or API client secret, be vigilant. The email may be a scam.

How to distinguish between suspicious emails and legitimate messages from Wish?

Fraudsters create fake email accounts to pose as Wish employees, in the hope that recipients will reply or click on a link or attachment, and provide confidential information including passwords and verification codes of any accounts, or API access token and API client secret. These emails or messages often contain the following:

• Requests for password or verification codes

• Offering paid services outside of the Merchant Dashboard portal

If you receive a message from “Wish employees” or anyone else asking you to share passwords, verification codes, API access token, or API client secret, do not reply directly, because Wish never asks merchants for the following details via emails or external communications outside protected merchant portal (such as Merchant Dashboard):

• Wish Merchant Password

• Password to personal email, bank, or other accounts

• Verification codes

• API access token

• API client secret

How to report potentially fraudulent / scamming emails or messages:

If you receive a suspicious email or message that requests passwords, verification codes, API access token, or API client secret, and are unsure of the legitimacy of the message, you should report it to us immediately. Here's how:

• First of all, do not click any links or open any attachments in the email.

• Reach out to [email protected] (General Support) or [email protected] (CN General Support) and include the suspicious message as an attachment so we may investigate further.

文章内容来源：wish商户官方网站