Before launching into our standing weekly website design meeting, my client mentioned they’d received a rather alarming email with the Subject line:
Subject: FW: Disabled your outbound email services temporarily
“What do I do?” asked my client. I said, “Forward me the email and I’ll look into it” after our call.
I proceeded to launch into the content changes for the client’s website. During the course of the conversation I realized, I hadn’t yet received the email about the outbound email problem. I asked my client if it was sent. Yes, it was.
Deciding that it was odd, I hadn’t received it, we agreed to suspend the call so I could look into the problem using a photo of the email sent to me via text. Just as I hung up the phone, the email arrived. This was a relief, but also made me realize this email was probably a spoofing and phishing attempt. Below is a screen capture of the email.
This scam email uses multiple methods to trick the recipient. Spoofing because, the email (shown below), definitely implies it is from Bluehost, a well known web hosting and email provider, but it isn’t. Phishing because they have a call to action (the link) which will most likely attempt to gain your BlueHost passwords or other confidential information. But more specifically this email is considered spear phishing because this scammer, addressed the email to the company and took the time to find out this company’s hosting provider.
The writers of this phishing attempt are very consistent in their attempt to make you believe they are actually with bluehost.com, a reputable hosting company, and the hosting company of my client.
- One, they make the from address look like the email is coming from Bluehost.com.
- Two, they include the actual bluehost.com websites and support phone numbers in the signature.
- Three, they used the client’s company name in the salutation implying they have business relationship
- Four, they put the bluehost.com domain in the call to action link, but the link doesn’t go to bluehost.com. When attempting identify a phishing email, it’s most important to pay attention to how the link ends, which is highlighted in yellow above, acquacomm.com.
If there is any reason in an email to doubt its legitimacy, but you’re just not sure, you should call a trusted IT provider, as my client did or contact the reputable company directly. Either go to the legitimate website using a browser (not through a link in the email) or call a phone number on an invoice and contact support to verify if there is a problem. If the company in question, is being spoofed in an attempt to phish information from you, they will confirm they didn’t send the email. But if the email is legitimate they will confirm the problem and assist you in resolving it.
My customer was happy that Creativity IT was able to quickly identify that this email was a scam and that their domain was not on an email blacklist as suggested in the email. We helped them to change their email and hosting passwords to be safe.
We field support calls like this everyday and we don’t think any of these questions are dumb because everyday nefarious people will do whatever they can to trick you into giving up your account logins, passwords or personal information.
If you are interested in website maintenance, internet presence and internet related IT support for one low monthly fee, take some time to check out our Internet Presence Service Contract.