Client Email
From: Ruta Kazlauskiene <ruta@gintarokelias.lt>
Subject: Security assessment for our online jewelry shop
Hello,
I run Gintaro Kelias, a small amber jewelry workshop and online store in Klaipeda, Lithuania. We've been crafting amber jewelry as a family for three generations, but the online shop is newer -- about four years.
The shop has grown quickly. We now ship to 15 countries. Customers create accounts, save addresses, leave reviews, and we process payments through Stripe. My nephew Tomas built the shop on WordPress with WooCommerce when he was studying in Vilnius.
Three weeks ago, a loyal customer in Germany forwarded me an email she received that looked exactly like it came from our shop. It used our logo, our colors, and asked her to "verify her account details due to a security update." She was smart enough not to click, but she was upset. I don't know if someone copied our website design or if they actually got access to our customer list.
Since then I've been worried. I don't know if our shop is properly secured. Tomas last updated things about six months ago and he's been busy with his new job. I want a proper security check -- are customer accounts safe? Could someone get into our database? Is the payment process secure?
We're heading into our busy season (Christmas orders start in October) and I cannot have the shop go offline. But I also can't sleep knowing there might be a hole in our system.
I need this explained clearly. I know amber, I know jewelry design, I know customer service. I don't know cybersecurity. Tell me what's wrong, how bad it is, and what to fix first.
I've attached the email my customer received, and a link to our shop: gintarokelias.lt
Thank you,
Ruta Kazlauskiene
Gintaro Kelias
Klaipeda, Lithuania