Occasionally, we at TSB Web Consulting would receive inquiries or complaints from panicked/anxious customers regarding the receipt of warning, notification or alert emails. These emails that tend to look real or genuine will usually instruct/command the customers to perform certain ‘urgent’ actions. In times like this, we are always glad to assist especially when it involves the online security of our customers. As expected and upon investigation, most of these emails will turn out to be suspicious, fake and phishing emails.
What are phishing emails? According to our friend at Wikipedia, phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
What we will be doing today in this article is to highlight a few short case studies with pointers, to spot the red flags in these nasty emails. For privacy purposes, email addresses mentioned in the emails have been removed and replaced with firstname.lastname@example.org
Case Study 1 – Subject: email@example.com will be eliminated from our server
Customer receives an email with a message that threatens to close down the user’s email account. The email seeks to inform the customer to click a link in order to update the email account, or faces closure or termination! Anyone who is not familiar with these type of phishing emails will tend to panic. Well, do not panic!
First off, do notice the email is being sent from ‘firstname.lastname@example.org’. Is this your web host provider or your service provider? If your answer is no, then this is definitely a fake, phishing email. Most importantly, do NOT click on the links in the email!
Any emails related to your web hosting account, email accounts and websites will come directly from your service provider.
Case Study 2 – Subject: Problem with your webhosting account – email@example.com
Customer receives an email notifying that his/her email has been transmitting viruses and will be deactivated permanently if not resolved. As usual, the email requires the user to click on a link in order to solve the issue at hand. The email went a step further by suggesting that the user should move the email message to the inbox if it is currently in the spam box.
Do NOT panic and do NOT click on any links in the email!
Same as case study 1, be aware of where the email is coming from and in this case, NortonWebHostScan@cPanel.com. If this is not from your service provider, then it is definitely a fake email. Secondly, the email greeted the user with ‘Dear firstname.lastname@example.org’ (your email address). A genuine email from your service provider would have included the name associated with the account.
Again, any emails related to your web hosting account, email accounts and websites will come directly from your service provider.
Case Study 3 – Subject: Urgent (#some invoice number) / Your company name
This next case study is slightly different as the emails are being sent to the customer’s distributors/suppliers/clients/contacts. However, the red flags are pretty much the same.
First of all, take note of the sender’s email address. Is this the email address that you usually have contact with? If your answer is no, this email is most likely a phishing email. Most importantly, same as all phishing/fake emails, the receiver must not click on any links and images (refer to image below). In this case, the receiver must also not open any attached file, even if it is just a pdf. The pdf might contain a link that will redirect you to a virus/malware infected website.
Well now, what if the emails are being sent from your customer’s email that was hacked? That surely is another great topic for discussion. Our advise, always double check when in doubt. Business owners should notify all their distributors/suppliers/clients/contacts to be aware of such incidents happening and avoid becoming a victim in online fraud/scam.
We at TSB Web Consulting are hopeful that you have gained better understanding and knowledge relating to suspicious, fake and phishing emails. Let us summarize the pointers that were mentioned above:
- Do not panic!
- Be aware of the email address written in the ‘From’ field
- Do not click on any links from these suspicious emails
- Do not open any attachments from these suspicious emails
- Spread the awareness of online safety to all those in your marketplace
- Always double check when in doubt.
When dealing with business transactions online, always be vigilant and aware of the potential dangers lurking around. When in doubt, always contact your host or your service provider. We at TSB Web Consulting cares for your safety online. Therefore, we provide managed web hosting packages that comes with basic web maintenance services. This means we look after the technical side of things while you focus on growing and expanding your business.