I just made this account because I received an email saying that the let's encrypt team is contacting me to update the security for my Shopify store.
The scam might be convincing for some so I just wanted to point it out, and since let's encrypt name is being used I thought it should be posted here.
They will ask you to put your Shopify login details and then redirect you to your website.
This the email of the sender: email@example.com
and this is the phishing page, https://error-prevention-sys.com/?u=(some generated code)
I didn't know what to do with this information, so I wanted to warn people about it
I'm assuming it's just due to some public email (whois data maybe, or posted on the sites themselves), combined with looking up certificate transparency data.
In terms of "what to do with this information", you can report the sites to Google Safe Browsing and Microsoft Smart Screen (See the links in the FAQ), and you can report the email however you report other spammy emails depending on your mail provider. (You can dig through the headers, find the IP that sent it to your mail system, and find an abuse contact for that IP, but that sadly isn't always worth doing nowadays.)
That does still work, but there is an even more effective approach to use in this case...
Because the email mentioned Shopify, the recipient or LetsEncrypt can reach out to them for "help". Large vendors and tech companies typically have legal and compliance teams that work with ISPs, and they tend to be very effective in deplatforming scammers/phishers.