You might have come across fake websites or profiles, seeking to imitate Shippit in order to defraud our customers of their personal information. These sites and accounts are not affiliated with Shippit in any way. If you have seen or interacted with a fake website or profile that claims to be a Shippit property, there are some things you can do to report the site, and help to get it removed.
🚨WARNING: If you are uncertain whether or not a site is an official Shippit property, do not click! You can always contact us directly to find out if something is secure before you enter any personal data, including your name, email address, phone number, or password.
All official Shippit communications come from one of these domains:
If you have received communication from any other domain pretending to be from Shippit, do not engage, and report it immediately.
Report phishing and scams
If you have received or seen a fake website or profile that is pretending to be from Shippit, you can report the details to us so that we can take action to have the site removed. This could be in the form of a fake login to the Shippit app, a fake website, fake reviews trying to get you to click, fake job offers, or a fake profile on a social media site. Here's what to do if you spot one.
You can also use this procedure to report security vulnerabilities in our app or website.
Reporting phishing and scams
Take a screenshot or photograph of the fraudulent site or profile. Take note of the URL or any other details that are available.
Do not click any links, or enter any details into the fraudulent site. If you have already done so, stop as soon as you realise that you are dealing with a fake site.
Go to the Shippit responsible security disclosure page, and read the information about how Shippit handles security disclosures, and what can be considered a security breach that requires disclosure.
Email the Shippit security team with as much information as possible, such as:
Your name and contact details
An explanation of the potential security vulnerability
A list of Shippit products or services that could be affected (where possible)
Steps to reproduce the vulnerability
Proof-of-concept code (where applicable)
The Shippit security team aims to respond to reports within ten business days, and keep you informed of our progress as we move through the investigation.
💡NOTE: Shippit does not participate in a bug bounty program, and we do not offer compensation for finding potential or confirmed vulnerabilities.
Shippit domains and email addresses
If you are unsure whether or not an email or website you are looking at is a legitimate Shippit property, check this list first. If you are still uncertain, get in touch with the Shippit security team before you interact with the site, reply to the email, or provide any details.
Legitimate Shippit domains
Shippit use these domains to serve you important information about the company, or to allow you to log in to our services. If you receive a URL claiming to be a Shippit property, but it is using a domain that is not on this list, do not interact with the site, and contact the Shippit security team immediately.
Domain | Example URLs |
| |
| |
|
Legitimate Shippit email addresses
Shippit use a variety of email addresses to send communication from. Legitimate email addresses used by Shippit always end in one of the domains listed above. If you receive an email claiming to be from Shippit, but it was sent from an email address using a domain that is not on this list, do not reply, and contact the Shippit security team immediately.
Shippit system emails usually come from email addresses like these:
Email address | Example email addresses |
| alerts@premonition.io |
| donotreply@shippit.com |
| hello@shippit.com |
| noreply@shippit.com |
| no_reply@shippit.com |
| notify@shippit.com |
| notify_noreply@shippit.com |
| system@premonition.io |