I received an email from Oozak this morning stating that the first email is fraudulent; the perpetrators (sp?) have even set up a fake Oozak website. Here's the email message:
Dear PAMELA,
Fraudulent Email
Some of you have received an email that looks as if it was from me; this time it was promoting an Anniversary Sale. This is not a legitimate email. It links to a spoof website. Here is the most important thing you need to know:
If you have clicked the link & proceeded through the checkout process by entering your credit card info, contact your credit card company immediately. I don't know for sure if your credit card info has been compromised, but it is better to be on the safe side.
This is a very sophisticated attack on my business and an illegal attempt to get your personal info. This attack has gone so far as to set up a spoof website that looks as if you are on Oozak.com. This email is similar to what you see from the fake 'Wells Fargo' or 'Bank of America' emails that contain a link that brings you to a spoof website that resembles the named bank and asks you to update your info.
This spoof website is hosted in Spain. I am working hard to get it shut down.
I am contacting the company called ReachMail to see what can be done.
The surefire way to tell if you are shopping on the real Oozak.com is to verify the address shown in your internet browser address bar; it will show Oozak.com | eCustomer Service at its Best!. The fraudulent link in the email brings you to http://oozak.webcindario.com. Also, on the real Oozak.com, once you click CHECKOUT, you are moved to the secure checkout process. This is represented by an 'S' being added to the http (https://www.oozak.com). My site is secured by GeoTrust. Clicking the GeoTrust seal will verify that you are on the real Oozak.com. The GeoTrust seal also displays the current date. The fake GeoTrust image had an incorrect date showing. My GeoTrust seal is located under the CATEGORIES column. I will be moving it to the top of the categories column for easier reference.
Please know that:
Credit Card information is never stored on my website.
All credit card payments are processed through PayPal.
My mailing list is hosted with ConstantContact.com
As I said before, this is a very sophisticated and well thought out attack. As far as I can tell, my mailing list/website has not been breached. I assume this as I use several test email addresses from different providers to see how email looks prior to being sent, as well as to make sure it does not wind up in a SPAM box. None of these email addresses have received this fraudulent email. These email addresses are also used on the website to perform test orders. If the website had been breached, I would assume these test email addresses would receive the email as well. I do not know how or where they are getting email addresses. I'm sure many of you shop on similar sites like Oozak; it very well could be one of their lists. I will attempt to find out that info once I am able to contact ReachMail.
Here are some tips to be sure an email is legit:
I always display your name after 'Dear', never 'Dear Customer'.
Pay attention to the sentence structure and grammar.
My sincere apologies,
Rusty Gorter
Owner
Oozak.com