I got an email that says I’ve exceeded my email mailbox storage quota and that I need to log in to confirm my account so they don’t delete all my email messages. But it’s not from my hosting company!? What’s going on?
Ah yes, you’ve been hit with what’s known as a phishing attack, an email that has nothing to do with your hosting, your email or anything else and is simply an attempt to get your account and password so the bad guys can hijack your email account!
Even when an email like that comes from your hosting company, I’d be skeptical and either log in to my admin interface through the usual SSL connection or call them up and confirm before I entered a password. And remember the standard mantra: never log in to a page you reached by clicking on a link in an email message, however legit it looks.
To keep you safe, I’ve gone through the process of “confirming my email” with a phishing attack (of course with fake credentials!) so you can see what happens.
Here’s a message I received in my inbox:
Looks more or less legit with its progress bar and such. Of course, the fact that it doesn’t actually identify my hosting company is a bit suspicious, but let’s say I wasn’t paying super close attention to that part. But wait! I simply hover my cursor over the embedded “Restore” link and my email program shows the destination page:
A quick reverse IP lookup (since I know how to interpret the results) shows that it’s actually a link to a Web server in Kuala Lumpur, of all places. Definitely not where my email is hosted!
Perhaps I’m still not paying much attention, so I click through. Here’s what I’d see:
Where’s my hosting company’s logo? Where is the information that assures me it’s actually my hosting company and not someone else’s? Of course they’re all missing, because this is a phishing attempt: a crude hack to try to get me to enter my email address + username + password so that the criminals in Kuala Lumpur can quickly log in and hijack my account.
No! Don’t do it!
But worst case, if you do enter the data and submit it, here’s the final confirmation:
Could be worse, could say “Gotcha!” but they probably need some time to do their nefarious deeds. If for some reason you did get this far, immediately log in to your real hosting company’s site and change your password. IMMEDIATELY.
Then you might call your hosting company so they can be alerted to the fact that there might be some attacks on the account.
It happens.
But it’s always better to be super skeptical, and if you get an email that seems odd, do some research before you entrust something as important as your home address, password, credit card numbers or similar to a Web page, however legit it looks.
Another hint… It’s addressed to “Undisclosed recipients”.
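The checks described on this page (where the “Restore” link really points, whether that destination is a bare IP address instead of your hosting company’s domain, and the “Undisclosed recipients” addressing) can be run automatically over a saved message. This is an added example, not part of the original post; the sample message, the hosting domain `example-host.com` and the address `203.0.113.7` are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the message from the post); 203.0.113.7 is a documentation-only address.
SAMPLE = """\
From: "Mail Admin" <admin@mail-quota.example>
To: undisclosed-recipients:;
Subject: Mailbox storage quota exceeded
Content-Type: text/html; charset="utf-8"

<html><body><p>Your mailbox is 98% full.</p>
<a href="http://203.0.113.7/webmail/confirm.php">Restore</a>
<a href="https://www.example-host.com/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering over the link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_signals(raw, my_host_domain):
    """Return warning strings for a raw single-part HTML message (assumed format)."""
    msg = message_from_string(raw)
    signals = []
    if "undisclosed" in (msg.get("To") or "").lower():
        signals.append("addressed to undisclosed recipients")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    parser = LinkCollector()
    parser.feed(body)
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if is_ip(host):
            signals.append(f"link to bare IP address: {host}")
        elif host != my_host_domain and not host.endswith("." + my_host_domain):
            signals.append(f"link outside {my_host_domain}: {host}")
    return signals
```

Calling `phishing_signals(SAMPLE, "example-host.com")` returns one warning for the addressing and one for the “Restore” link, while the link to the real hosting domain passes.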