We here at RainStorm have recently seen a spike in fraudulent emails about domain names, hosting, etc., so we thought this would be a good time to give you some tips on identifying and protecting yourself from these schemes.
What is Phishing?
According to phishing.org, Phishing is defined as “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”
Phishing scams of one type or another have been around forever. They use something called “social engineering” where the scammer gets the target to freely give them the necessary information vs. using decryption technology, etc. Basically, you’re being tricked into giving the scammers information for an apparently legitimate purpose. The scammers then use this information to try to access your accounts and websites, which can result in identity theft and financial losses.
We have focused our tips on email phishing, as this is the method that we encounter the most, however, be aware that phone calls, websites, text messages and even in-person schemes also are used.
Common Features of Phishing Emails
- Too Good To Be True – Has anyone gotten rich from that Nigerian prince yet?
- Too Bad To Be True – The IRS isn’t going to send you random threats — do you have any reason to think that what the sender is saying is logical or related to you personally?
- A Sense of Urgency – Lots of CAPSLOCK, short deadlines, and dire consequences.
- Asking for Personal Details – No legitimate company is going to ask to provide your password, credit card, or banking information via an email.
- Hyperlinks – Always hover over a link to see the actual URL you will be sent to.
- Attachments – NEVER OPEN AN ATTACHMENT THAT YOU WERE NOT EXPECTING. They could easily contain ransomware or other viruses.
- Unusual Sender – Emails from RainStorm about renewing your domain name or web hosting will always come from a rainstorm.host address, for example. Also, even if it looks like a legit address, it’s a good idea to double-check.
- Tricky / Bad / Incorrect Spelling – Scammers will often copy legitimate emails but make small changes to the spelling of the name in the URL, not capitalizing/miscapitalizing certain words (Ebay instead of eBay, for example), etc.
- Caveats – The footer at the end of many domain and hosting-related phishing emails will contain a statement saying that it isn’t a bill or invoice, or that you are under no obligation to purchase. But the scammers are betting that you won’t read the fine print. (And sometimes, it’s in a color that’s nearly the same as the footer.)
What Should I Do If I Suspect an Email Is a Scam?
Listen to your gut. Do not open any attachments, click on any links or reply to the email. Don’t even open the message, if possible.
Some phishing schemes are obvious once you know what to look for. Just go ahead and delete those messages right away. If you aren’t sure, the best thing to do is to contact the company or organization that it is supposed to be representing and ask if the message is legitimate.
Other helpful tips:
- Change your passwords regularly.
- Random passwords are best, but at the very least, they should be complex so they cannot be easily guessed. We have known of sites to be hacked because a single user had their password set to “password” – don’t make it easy for the bad guys!
- Install Anti-Phishing software or plug-ins.
- Keep your browser and email clients up-to-date.
- Check your online accounts regularly for unusual activity.
- Use Anti-Virus software.
- Don’t give out your personal information!
- Don’t panic – don’t let the scammers rush you into making a hasty decision. Take your time and check things out. Legitimate organizations will have no issues with this.
Additional information about phishing schemes, resources, and tips for prevention can be found at phishing.org. Stay informed, aware, and don’t let yourself get hooked!
Here’s a sample of something you can safely ignore.
Here’s a sample of an actual letter one of our clients was sent by a phishing services company, “offering” SEO services in a way that makes the impression that the client’s domain is going to expire. While the detail is in the fine print, not everyone reads emails that carefully when they’re concerned that their website might not work.