On 3/1/2012 numerous emails were sent out with the subject line "Shoplastyle.com Order Status for Order #20399282". The exact same email with the subject line "Shoplastyle.com Order Status for Order #747821" was sent out on 9/28/2011.
If you received one of these emails please know that it is spam. It is a fake order confirmation email and it was NOT sent by us. We believe thousands of people received this same email. There is no order 20399282. We do not have any information about you including any credit card information. No credit card was charged. You will notice that there is no shipping information in the email because the same text was sent to everybody. We suggest that you do not respond to the email, do not click on any of the links. You should delete the email. We have nothing to do with this email.
The email was sent out by spammers who used our business name, which is commonly known as brand spoofing. The point of the email is to get recipients to click on the link and download a virus. The link looks like it will direct you to shoplastyle.com but instead it points to a similar domain, shoplastyle-clo***.com, which is not our domain. This domain was registered the same day the emails were sent by what appears to be somebody in Russia.
We have heard from multiple people that they have called to cancel their Visa cards and/or have contacted their banks. This is not necessary. Please be assured that the intention of this email was to get people to click on their link to download a virus. There have been no reports of actual credit cards being charged. Everybody got the same email that said their Visa was charged. In addition, we do not have any of your personal information.
Below you will find articles written about this incident.
How ShopLAStyle is Dealing with Hacker Crisis
WARNING: A whole new kind of scam
Below you will find some of the common questions that we've had regarding this email.
Why was this email sent out?
The spammers are trying to get you to click on the link so that you will download a virus. This email has nothing to do with credit card fraud.
Do I need to cancel my Visa?
No. The spammers only have your email and not any credit card info.
What if I clicked on the link?
We suggest you run a virus scan on your computer. The text in the link makes it look like you are clicking on a shoplastyle.com link but you are really being directed to the site shoplastyle-clo****.com, which we do not own. This domain was registered on the same day the emails were sent by somebody in Russia.
This came to my work email.
We have heard this a lot. We have no idea how they obtained your email. If you haven't shopped with us then we don't have your email address.
Why did it take you so long to respond to Facebook/voice mails/email/blog comments/twitter?
It may have seemed like we weren't responsive from your point of view but over here we were frantic! The site was down, the phone was ringing off the hook, and emails were pouring in. Most of you saw the email before we knew about it. We were really doing our best. We were responding as quickly as we could but so much was happening so fast, it was like we couldn't do it fast enough.
Your company had to have something to do with it because the email came from a shoplastyle.com email address.
Actually anybody can send an email as anybody using SMTP. I know it's not easy for most people to understand but in the IT world it is very easy.
Your site was down so you must have been the spammer.
Our site was down for a few hours on 3/1/2012 because our servers were overwhelmed by the surge in traffic. We were trying to update our Facebook page regularly.
I couldn't locate your contact information online.
We are not in the yellowpages.com because we are an online only store. Even though the email stated otherwise, we do not have a physical store location.
I've never heard of you or shopped with you so how did you have my email?
We don't have your email or any of your contact information. If you haven't shopped with us then we couldn't possibly have it. Somehow the spammers obtained your email address but not from us. Actually, we have not heard of any of our customers receiving the email.
I've never shopped with you and now I will not for sure.
This is such a bummer for us!! We are a small business and have been targeted by spammers. We hope that you come to realize that we are victims here. It is so unfortunate that some spammers from Russia could impact our business like this. We are your classic honest, hard working small business doing our best to keep up. I think once you understand the full story then you will not feel that way. If we did malicious things like this then I promise the credit card companies would not give us a merchant account and the reputable brands that we carry would not work with us.
I want to know how they got my information.
We would like to know that too. It appears that they only have your email address and not any credit card information.
You need to work with the authorities to address this issue.
We wish the authorities would help us. But the truth is that spam happens all the time and the FCC doesn't have time to address all of these issues. Even worse is that these attacks originate in other countries such as Russia and Argentina. You can report being spammed to the Federal Trade Commission. Send a copy of the unwanted or deceptive messages to firstname.lastname@example.org, or visit their website, FTC's Complaint Assistant.
I'm usually good at recognizing spam and this one (almost) got me.
We've heard that from quite a few people.
Are you a reputable company?
We have been in business since 2003. If we weren't reputable then we would not still be in business
If this happened 6 months ago then why did it happen again?
Because there is nothing we can do to stop it from happening again. If the spammers want to send out the email again tomorrow then there is nothing we can do about it.
How come this doesn't happen to other companies like Amazon.
It does. It happens to banks, ebay, UPS, etc all the time.