QUESTION: As you read this post, also think about it from a communications and reputation-management perspective. If you were the company affected by this scam, how would you handle it?
Well, imagine my surprise yesterday when I made myself a mid-morning cup of coffee and re-opened my email to get caught up, and suddenly found there an invoice for nearly $300 for two pairs of pants I never ordered!
After the initial “WHAT?!” shock, and just as I was about to run my mouse to the link to deal with this mistake, something made me just stop moving for a moment. I took my hand off my mouse, took another sip of coffee, and then just quietly stared at the message, reading it very carefully. I didn’t click on anything, I didn’t touch any buttons or try to open any links. I just sat and looked at it. I asked myself a few questions, too, while doing so.
But first, here it is:
Pretty convincing, eh?
Funny how much you can take in in just a few seconds when you decide that something is wrong other than what initially appears to be wrong (i.e. the initial thing that appeared to be wrong was the purchase; upon reflection, the secondary thing that appeared to be wrong was the email itself).
Here were the questions I pondered:
- Could someone else have ordered some nice new clothes for me as a surprise? Answer: not likely, especially not in that size! (heh, I wish…better get back on my bike!)
- Is this a legitimate company? What’s it called? Shop LA Style. Answer: Yes. I Googled it in a separate window, without touching the link in the email.
- Could someone have stolen my credit card and email address and placed an order for themselves? Answer: No. Not this time. No charges were put through on my credit card.
- Could the link displayed in the message be legit, or is it somehow masking a different URL that I would be whisked off to, only to have my entire digital life destroyed by some nasty bug or bomb or something? Answer: It’s a masked URL pointing to a site that is nearly, but not quite the same (they added a few letters to the end of the legitimate company’s URL). I found that out by carefully hovering my mouse over the link then right-clicking it to reveal the link without actually clicking on it (NOTE: this is how it works in MAC MAIL !!! Don’t know how this works in Outlook, so BE CAREFUL!)
In more detail, here are the clues that tipped me off, and that I would encourage you to consider if you encounter a potential scam like this before you click on ANYthing!
- I received two copies of this email…
- …to two different email accounts…
- …from a company I’ve never heard of…
- …for an order of clothing I could only fit into in my dreams…
- …on a credit card that was already too close to the limit for an order of this amount to go through…
- …and they don’t give any hint as to the number used for the payment (most online receipts for VISA payments show the last four digits of the VISA card to prove validity and to help the customer, who maybe has more than one VISA card, figure out which card they actually used).
- Clue number 7 came when I inspected the link in my email without opening it: the visible link says that it’s from shoplastyle.com, which I googled and is a real clothing store with a website, but the real link that is revealed when I inspect it is “shoplastyle-clothes.com” — even though it looks like a duck it really squawks like a chicken. (HINT: Even just one letter different in a URL is a COMPLETELY different domain/registration and can be owned by someone completely different. Masking the real URL and making it look different to the eye than it is to the mouse click is not hard for hackers, not hard at all….)
- And clue number 8 is in the copy itself, the instructions about refunds. Invoices are rarely included in the order — the emailed invoice IS the invoice, the paperwork included in the order is just the packing slip. The information there is all wrong. I figure they are trying to prevent people from storming Shop LA Style’s retail stores demanding refunds for orders they didn’t place (and don’t exist) because that lets them fly under the radar just that little bit longer on that particular store’s name.
Of course, I have to admire the cunning strategy they are using, much as I despise them for it. They aimed to upset me and entice me into clicking their link so that I, in my agitated “But I didn’t order anything from you!” state would get sucked into their cesspool while I thought I was undoing an order I didn’t order, or trying to figure out who ordered it on my card, or whatever.
It has nothing to do with the real store, I’m quite certain.
On a marketing note, this is one of the reasons why “transparency” is SO important, and why reputation and trust in the digital world are so fragile. I can only imagine the potential for hate-mail, angry phone calls and furious customers descending on Shop LA Style from people who have been tricked and don’t fully realize it yet… If you were the communications and marketing manager at www.shoplastyle.com, what would you do to respond to this threat to your credibility, especially as it has nothing to do with you? Shop LA Style is as much a victim of this scam as I nearly was… and maybe more so…
I’ll bet this scam really, really works well.
Be careful out there.