If you received this type of phishing email, don’t click any of the links. They are new frauds & hackers who came to the town very recently (November 2021).
In this post, I will tell you the following:
- What is the purpose of their phishing email
- What will/may happen once you clicked their links
- What to do if you already clicked their link (s)
Don’t worry! I will keep this very short.
The purpose of their phishing email
Their main purpose is to hack your hosting account and websites. But there are others that you can’t imagine at this moment.
The email platforms/providers are intelligent enough to sort out the spam & phishing emails.
But the problem is- this exact group of frauds is sending you emails using (actually masking) your email. If you look at your email more closely, you’ll see that the sender is also you (email@example.com).
As a result, the email providers thoughts that it’s a safe sender because you’re already communicating through other/similar email accounts that end with your domain.
And if you’re blocking the sender, that means you’re about to block one of your users (firstname.lastname@example.org).
What may happen when you click the links
As per our (me, my coworkers & security expert) observation, their links are designed to send your hosting username, password, etc to them.
You may think that you need to click those links to fix the issue or increase the disk quota. But in reality, you are sending your username and password to them.
Also, they can install unexpected extensions to your browsers, and software to your device. That may help them to scam you in the future.
They masked your email before sending you the phishing email. At the first sight, it seems that the sender is one of your team members. But it’s not the case. Actually, it was a phishing email where your email address is masked by another email address. These emails are not sent from your server.
What to do if you already clicked their link
If you already clicked their links do the following:
- Immediately change your hosting password and enable two-factor authentication. And do the same thing for your website logins.
- Check for your browser if their is any unknown extensions are installed. If there is, then remove it. And do the same thing for your device.
- If it’s already hacked, contact your hosting support immediately.
- Be proactive for the future.
Honestly, I also received the same phishing email. But I marked it as spam at the first sight & ignored it. A few days later, I kept asking about the same type of phishing emails from my clients. Not all they were tech-savvy. A few of them did mistakes.
So if it’s you who received a similar phishing email, take action wisely. Hopefully, it’s not too late yet.