If you receive a suspicious email or message that seems to be from Wish or Wish employees, and the message requests that you provide passwords, verification codes, API access token, or API client secret, be vigilant. The email may be a scam.
How to distinguish between suspicious emails and legitimate messages from Wish?
Fraudsters create fake email accounts to pose as Wish employees, in the hope that recipients will reply or click on a link or attachment, and provide confidential information including passwords and verification codes of any accounts, or API access token and API client secret. These emails or messages often contain the following:
- Requests for password or verification codes
- Offering paid services outside of the Merchant Dashboard portal
If you receive a message from “Wish employees” or anyone else asking you to share passwords, verification codes, API access token, or API client secret, do not reply directly, because Wish never asks merchants for the following details via emails or external communications outside protected merchant portal (such as Merchant Dashboard):
- Wish Merchant Password
- Password to personal email, bank, or other accounts
- Verification codes
- API access token
- API client secret
How to report potentially fraudulent / scamming emails or messages:
If you receive a suspicious email or message that requests passwords, verification codes, API access token, or API client secret, and are unsure of the legitimacy of the message, you should report it to us immediately. Here's how: