If you do a Twitter search on ShopLAStyle you would normally find some good deals on clothing, but on 3/1/2012 you will find a series of messages alerting people about a hacker attack.
Hacker Attack on ShopLAStyle.com
On 3/1/2012, several hundreds of people received the following email from malicious hacker portraying himself/herself as the LA-based clothing retailer (via Kaufer Communications):
If you receive this email, please do NOT click on any links or open the attached zipped file.
The immediate reaction from all of the affected was to visit the company’s site at http://shoplastyle.com, which caused its server to go down.
ShopLAStyle.com’s customer service number is 1-888-804-0006. If you call you will listen to a nervous message from a woman explaining that they are not taking any calls and they are aware of this situation.
The Social Media Reaction
While ShopLAStyle is not taking any calls, it is using their Facebook page to communicate with the victims of this hacking incident. Here are some of the udpates that they have posted:
However, the company’s Twitter account has not been active since November 27, 2011:
Learn from ShopLAStyle.com’s Hacking Incident
From this incident, there are 3 important lessons on how to deal with a hacker crisis.
1. Be prepared for a server overload: if your site is involved with a hacking incident, it will be visited by a lot of people. Plan accordingly to have extra bandwidth for such instances so that you can post an official message to alert victims. Having your website down only adds more fuel to the fire.
2. Inform people via social media: people who received the malicious email, immediately turned to search engines to find ShopLAStyle.com’ social media presences. Fortunately, the company has been quick to post messages on their Facebook page, however its Twitter account has not been used at all.
3. List your e-commerce site on other places: make it easier for people to reach you. A common complaint among affected people is that it is hard to find the company’s contact information, which only casts more doubt as of whether this is a legitimate company at all.
Updates 3/2/2012
- ShopLAStyle has released a statement at their website:
Shoplastyle.com Order Status for Order #20399282
We were are not affiliated with the domain shoplastyle-clo****.com (we don’t want to list the entire address). We are working on getting it shut down. The link in the email was to this site, which we believe contained a virus. We have heard from multiple people that they have called to cancel their Visa cards and/or have contacted their banks. This is not necessary. Please be assured that the intention of this email was to get people to click on their link to download a virus. There have been no reports of actual credit cards being charged. Everybody got the same email that said their Visa was charged. In addition, we do not have any of your personal information. We believe your email was obtained in a malicious manner and then our company name was used to entice you to click on the link. We really hope this clears up your questions. It has been a rough day for all of us!
If you received an email message with the subject line “Shoplastyle.com Order Status for Order #20399282” please know that this is spam that was NOT sent by us. We believe thousands of people received this same email. There is no order 20399282. We do not have any information about you including any credit card information. No credit card was charged. You will notice that there is no shipping information in the email because the same text was sent to everybody. We suggest that you do not respond to the email, do not click on any of the links. You should delete the email. We have nothing to do with this email. We are asking that you do not contact us in regards to this email because we are currently overwhelmed with voice mails and emails due to this spam.
It looks like the domain is registered to somebody in Russia. We are currently working on shutting down the domain shoplastyle-clo****.com that is being used in the email.
Updates 3/1/2012
- ShopLAStyle has released a blog post.
- ShopLAStyle has updated its Twitter account.
Nice analysis of ShopLAStyle’s reaction to their situation, and some good, solid tips for handling it. I shared your post in my own comments section.
I took a different approach with the situation, using it as a case-study for signs that a legitimate-looking email may actually be a threat. I get questions like this from people I know fairly often, so I hope these tips for what to look for before clicking any links (easy to do in a panicked reaction!) help.
http://kian.gl/scam
ea/
Hi Erinn Anne,
Thank you for stopping by. Those are some good questions that you asked at your post.
I hope that the ShopLAStyle folks clear this situation right away, it appears that they had a similar event about 6 months ago.
However, as you wrote, there are many online scams going on and the blame shouldn’t fall all on ShopLAStyle.
Cheers,
Damian