A client received an email like this, purportedly from BlueHost.com, their hosting company:
They sent it on to us for evaluation before clicking. I knew right away it was bogus, and a password phishing attempt, for several reasons:
- Their email service had NOT been disabled, or they would not have been able to forward me this email. Duh!
- Client does not have a forum on their website.
- Big hosting services already have numerous safeguards in place to keep their mail servers from being blacklisted, and they are over-the-top obsessive about this, so it’s highly unlikely BlueHost’s mail server would have been blacklisted.
- Hosting companies will never ask you to click a link in an email. They want you to log into your actual account, or phone them, to do anything re: your services, for this very reason (emails are easy to spoof).
And, most importantly, the link they want you to click on doesn’t go to bluehost.com, but to some funky website named “marketing-connection.com.” They cleverly insert “my.bluehost.com” earlier on in the link to catch your eye and distract you from the actual domain towards the middle of the link, knowing that everybody’s eyes glaze over when we see a hairy long link like that!
Take-home messages:
- Train your eye to check for the real domain in any link. Start from the right-hand end of the link, then scan backwards from there till you hit a .com, .info or other domain extension. That’s the actual domain the link will go to. If it doesn’t match the domain the email is from, RED FLAG! Don’t click!
- Almost any aspect of an email can be “spoofed” (faked) except for the link itself.
- Never click on any links in emails supposedly from hosting companies or email providers. Call them instead (or log into your account and use the chat window) to get tech support help. Emails are easily fake-able – that’s why they are used to trick you. Logging into your hosting account on their website is safe.
- If you do click – never enter your username and password, ever. Never. Your real providers will never request that via an email.
- If you are a Gmail user, report the suspicious email as “Spam” right away – that helps Gmail identify similar emails and keep them from getting through to others. It will be your good deed for the day.
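The first take-home message above (read the real domain from the right-hand end of the link, and treat a brand name buried earlier in the link as a decoy) can be turned into a small check. The script below is an added example, not part of the original post; the sample links in it are constructed to show the decoy pattern described above and are not the actual link from the email, and the two-label domain rule is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed sample links illustrating the decoy pattern described in the post.
# They are NOT the actual link from the phishing email.
SAMPLE_LINKS = [
    "http://my.bluehost.com.marketing-connection.com/verify/login",
    "http://marketing-connection.com/my.bluehost.com/account/login.php?id=123",
    "https://my.bluehost.com/cgi/login",
]


def link_host(url: str) -> str:
    """Return the host the link actually goes to (lower-cased, no port, no user@ part)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower()


def registrable_domain(host: str) -> str:
    """The last two labels of the host, i.e. what you find scanning from the right.

    Assumption: two labels suffice for .com/.info style names; suffixes such as
    .co.uk would need a public-suffix list, which this example does not use.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def link_matches_sender(url: str, sender_domain: str) -> bool:
    """True only when the link's real domain equals the domain the email claims to be from."""
    return registrable_domain(link_host(url)) == sender_domain.lower()


def brand_decoy(url: str, brand_domain: str) -> bool:
    """Flag a link that mentions the brand's domain anywhere but as its real domain."""
    real = registrable_domain(link_host(url))
    mentioned = brand_domain.lower() in url.lower()
    return mentioned and real != brand_domain.lower()


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict = "RED FLAG" if brand_decoy(link, "bluehost.com") else "ok"
        print(f"{verdict:8} real domain = {registrable_domain(link_host(link))}  <- {link}")
```

Only the third sample link passes, because its real domain is the sender's domain; the first two mention my.bluehost.com but actually lead to marketing-connection.com.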
Because of the success of two-factor authentication in cutting down on bad people successfully hacking into people’s Google or PayPal accounts, the hackers are being forced to work harder. This spoofing of emails from your hosting provider is an example of the new, higher-quality phishing scam emails, often perfectly mimicking the actual branding of your hosting provider.
So, be wise, be wary, and check for the REAL domain in any link before you click!