COMMON SCAMS
(aka Phishing)
Fake Emails, Telephone Call Scams
and Protecting Yourself From Scams
Q. What is phishing?
Answer:
Phishing is an attempt from an unknown source to steal your money and personal information, i.e. identity theft. It may be in a pop-up window, instant message, or chat-room message on a webpage. It may also be in email or by phone. All of these are attempts to trick you into submitting personal information, which is then used to steal your identity.
There are countless known scams and countless new scams being devised even as you read this. For specific examples, please see the government of Canada’s Anti-fraud Centre’s list of known scams.
Fake Email
Remember, neither Crosswinds nor the providers of cPanel will ever send email asking you to upgrade or verify your accounts by clicking on a link.
In fact, it is extremely unlikely that anyone from cPanel will be contacting you, because it is simply an administration panel that Crosswinds has installed.
By the same token, Crosswinds will never email to ask you to verify your FTP settings. Ever. The subject lines of these emails vary but phishers will do everything they can to make it look like the emails come from Crosswinds.
Watch for email with phrases like “Dear your_email_address” or “we kindly ask you to take a few minutes to confirm your FTP details”. Remember, not only will Crosswinds always address you by your name, but they will never need to confirm your FTP settings unless you ask them to do so.
It’s a good policy to immediately delete scam emails – never reply to them, not even to complain. Replying simply confirms that your email is a viable one and opens up the opportunity for the scammer to send you more scam emails and/or sell your email address to other disreputable companies.
Under no circumstances should you click on any links in suspect email or open any of its attachments. This includes clicking on “unsubscribe” links (you do not want these phishers to confirm that they have managed to get to a viable email address).
Instead, ignore and immediately discard any suspect email.
Here is an example of scam email from Brett M. Christensen’s article, cPanel ‘Account Verification’ Phishing Scam, on Hoax-Slayer.com:
Subject: Your cPanel Account Verification
Dear client,
Our Technical Services Department are carrying out a planned software upgrade. Please login to re-confirm your account.
To login, please click the link below:login.cPanel.net
This instruction has been sent to all our customers and is obligatory to follow.
Thank you,
Customers Support Service.
Whenever something you read seems a bit fishy, see if it has already been reported on the Snopes website at www.snopes.com or Hoax-Slayer at www.hoax-slayer.com. Scams are often recycled every few years.
Q. How do you know if emails are fake?
Answer:
- Look for spelling errors. Many scammers don’t spell words correctly; sometimes their sentences don’t read clearly.
Other scammers are more savvy and the email you receive might look as if it came from a legitimate company. Some scam emails may claim to be about your cPanel and FTP settings. The logo pictures and words on the links will appear to be correct. A first clue to a false link is that it points to a non-secure URL, i.e. one that begins with http://. To see where the link points, hover (don’t click!) your mouse pointer over the link. Read what appears at the bottom of your browser window. Virtually all scammers will use http: instead of the secure link https:
Your Crosswinds cPanel is ALWAYS accessed via a secure connection, i.e. one that begins with https://. Note the “s” at the end. This stands for “secure”.
A bogus link will open to a fake web page that might look JUST like the one you are used to seeing. It will ask you to log in. After supplying your details and clicking the ‘log in’ button, you will receive a message that your account has been confirmed. Sadly, this is not at all the case. Your details are now in the hands of criminals.
Remember! Always log into your cPanel by going to yourdomain.net/cpanel. This will automatically take you to Crosswinds’ secure connection to your cPanel at https://cwpro3.crosswinds.net:2083
You should only access your cPanel or your FTP site using secure methods (SFTP, SSH, HTTPS, etc). When you use this secure encrypted connection method, hackers will simply move on to an easier target.
- Any unsolicited email asking for your help in moving money out of a country is a variation on an ancient snail-mail scam. If it seems too good to be true, it is. Never give out your bank account information to anyone you do not know. Never go to meet anyone who says they will give your money back.
- Unsolicited email asking for your password is always false. Neither Crosswinds nor your bank, financial institution, Facebook, Twitter, Live Journal, or WordPress administrators will ever ask for your password in an email.
- Unless you gave your email address to UPS, FedEx, or the IRS, they have no way of knowing it. Emails claiming to be from them are scams. Delete them without reading them.
- Unsolicited email asking for medical help, help to get relatives out of jail, or from secret admirers wanting to meet you are inevitably bogus. Most of these emails are simply asking for money. Delete them.
- Any unsolicited email claiming you have been sent a scanned document that you must pay for is a scam. Some of these emails may have the brand name of the printer in the Subject line of the email.
- Some scammers will send email with nothing except an instruction to open an attachment. Sometimes there is nothing at all in the body of the email. The attachment might be a .pdf file; it might be an .exe file. Whatever kind of file the attachment is, it is a trojan horse. Do not open the attachment. Discard both the attachment and the email.
Fake Email Examples
Here are a few examples of spam emails that have been sent, shown on Phish Bowl: Fraudulent email examples on it.cornell.edu:
In this email example, there was nothing in the email body and only a .pdf attachment. Always be suspicious when a subject line is in all uppercase letters!
Subject: PLEASE OPEN YOUR ATTACHMENTS AND GET BACK TO ME THANKS
Date: May 28, 2014
Note in the following that not only is the network server not identified by a company name, but the URL also points to an unsecure website:
Subject: Help Desk
Date: March 11, 2014
There has been an upgrade on the network server and this might affect your account.
To safe guard your mail box, please follow the link below.
http://auth-itteam.atwebpages.com/os-auth.php
Regards
IT Support Team.
The biggest red flag in the example below is “CLICK HERE” (it pointed to a fraudulent website). If you are concerned that your crosswinds email account might be reaching its maximum limit, remember that you can login to your cPanel to change the limit for your email. (See our article on Email Setup for more details.)
Subject: low storage space
Date: March 10, 2014
Your E-mail box has reached its maximum limit of storage and Your account will be disabled if you do not update now.
CLICK HERE and follow the instructions to upgrade to more storage space Your account will remain active after you have confirmed your account successfully.
Admin Help-desk.
The following example is from the article Phishing Wave to Sniff FTP Credentials at symantec.com. It is a little more sophisticated: the phishing URL contains a user’s email address and the domain name of a Web hosting service provider. Clicking on the link provided in the spam message leads the users to an “FTP access confirmation” page where their FTP credentials are stolen. When the FTP credentials are entered and the “Confirm FTP Access” button has been selected, the users are directed to their own hosting site, which is specified in a “service=” tag. Attackers employ a phishing cPanel page to make things look legitimate.
Subject: [hosting domain name] web hosting update
From: autoremailer@[hosting domain name]
Dear user of the [hosting domain name],
Due to system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.
Please confirm your FTP details by using the link below:
http://cpanel.[domainname].com/scripts/cpanel-ftp-confirmation.php?session=22744659135235102815920363790759075943826&emailxxxx&service=xx
[hosting domain name] webhosting service
Never use a link in an email to access your cPanel!
At the risk of being repetitive, always log into your cPanel by typing the URL into your browser yourself: yourdomain.net/cpanel. This will automatically take you to Crosswinds’ secure connection to your cPanel at https://cwpro3.crosswinds.net:2083
As Symantec says, “giving up your FTP details may lead to a further loss of confidential data, the hosting of illegal websites (child pornography sites, phishing sites, etc.), and/or delivery of malware to the victim’s computer by the attacker.”
Delete all suspect emails immediately without forwarding or replying.
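The checks described above (see where a link really points, expect https, expect the Crosswinds cPanel address, watch for the tell-tale wording), written as an added Python example; it is not code from Crosswinds or from the quoted articles. The sample email, its placeholder hosts and address, and the function names check_link and triage are constructed for illustration. The link check compares the exact host and port, so an https link to any other host still fails.

```python
import re
from urllib.parse import urlsplit, unquote

# The one cPanel address this page names as legitimate.
TRUSTED = ("https", "cwpro3.crosswinds.net", 2083)
# Wording the page flags in its sample phishing emails.
LURES = ("dear client", "dear user", "confirm your ftp details",
         "re-confirm your account", "click here")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def check_link(url, recipient=""):
    """Return the reasons a link fails the page's checks (empty list = passes)."""
    try:
        parts = urlsplit(url)
        origin = (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if origin[0] != "https":
        reasons.append("not https")
    # Compare the exact host and port: the trusted name appearing elsewhere
    # in the URL (as a leading label or before an '@') does not count.
    if origin != TRUSTED:
        reasons.append("not the known cPanel address")
    if recipient and recipient.lower() in unquote(parts.query).lower():
        reasons.append("recipient address embedded in link")
    return reasons

def triage(message, recipient=""):
    """Collect lure phrases and failing links from a plain-text email body."""
    text = message.lower()
    findings = [f"lure phrase: {p}" for p in LURES if p in text]
    for url in (u.rstrip(".,)") for u in URL_RE.findall(message)):
        findings += [f"{r}: {url}" for r in check_link(url, recipient)]
    return findings

# Constructed sample modelled on the FTP-confirmation email quoted above;
# the hosts and the address are placeholders, not real indicators.
SAMPLE = """Dear user of the hosting.example,
Due to system maintenance, we kindly ask you to take a few minutes to
confirm your FTP details.
http://cpanel.hosting.example/scripts/ftp-confirmation.php?session=1&email=pat@site.example&service=site.example
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, "pat@site.example")))
```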
Telephone Call Scams
Q. How do you know if phone calls are illegitimate?
Answer
- If you have call display on your phone, often the number will be labelled as “unidentified source”. Also, the caller will often launch directly into a spiel, without any real identification and simply by saying “hello, how are you?” or “is this the owner of the house?”
In these cases, before telling the unknown caller anything about yourself, always ask who is calling and who the caller wishes to speak with. If the caller miraculously knows your name, ask for the caller’s name, company name and address and how your number was selected. When you establish (usually quite quickly) that the caller has no business calling you, politely but firmly tell the caller to take your number off their list and not to call you again. Hang up, even if the person begins to argue with you.
- Calls from robots (a recording) are invariably scams. Under no circumstances should you press any key to “speak to a live operator” or “remove yourself from the calling list”. Immediately hang up.
- Unsolicited phone calls from someone reporting that your computer has a virus or it needs to be patched are actually attempts to get your bank account, debit card, and/or credit card information. A call like this may also be an attempt to take control of your home computer and use it to attack other computers. Politely but firmly tell the caller to take your number off their list and not to call you again. Hang up, even if the person begins to argue with you.
Unless you contacted your company’s technical support office, or other support group, the caller has no way of knowing whether your computer has a problem.
- Any unsolicited call offering to clean up your credit is a scam. Politely but firmly tell the caller to take your number off their list and not to call you again. Hang up, even if the person begins to argue with you.
- Any unsolicited call asking for donations, but refusing to give the name of the charity is false. If you want to donate to a charity, contact the organization(s) you want your money to go to. Politely but firmly tell the caller to take your number off their list and not to call you again. Hang up, even if the person begins to argue with you.
Protect Yourself
Q. How do you prevent illegitimate people from contacting you?
Answer
- Never reply to email that requests financial information, even if it appears to be from a trusted source. Never reply to emails from unrecognized senders. Never open any links in suspicious emails, instant messages, or chat-room messages.
- Use a spam filter, anti-spyware program, anti-virus program, and a firewall on your computer.
- Only communicate personal information over the phone or through a secure website (with the prefix https://). It is safe to give personal information on the phone only if you initiate the call to a secure phone number. Always return calls by using a telephone number for the company from a credible source such as a phone book or a bill. Never call a number that you have been given in an email.
- Avoid sharing your phone number, address, Social Insurance number, Bank Account number, etc. etc. on Social Network Profile pages, even if you have chosen “only me” for who will see this information.
- Never share personal information via email, even if you know the recipient of an email. It is too easy for tech-savvy unauthorized sources to gain access to or intercept email.
- Avoid accessing your email on public computers. Information is temporarily stored on a computer’s local disk and can be retrieved if it is not properly deleted.
- Check your credit reports often to ensure that no unauthorized transactions have been made.
- Change your passwords both on your login and for FTP. Always choose a secure password. (Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals.) Never, under any circumstances, tell anyone else your password. Nor should you ever recycle other passwords. If you have other users for your site or FTP, make sure your users scan their computers for viruses and malware before giving them their new passwords.
- Make sure that any part of your site that uses a database (WordPress, Joomla, Drupal, phpBB) is up to date. If you run an earlier version, you are vulnerable. Make a back-up of your site first then update to the latest stable version. Make sure that all plugins are up to date as well.
If you suspect that there is malware infecting your website, you can remove it manually via FTP, use a plugin like WordFence if you are running WordPress, or reinstall the software. Remember that reinstalling the site software may cause all your content to disappear. If you have not already taken a backup of your site content, do it before reinstalling.
- Do frequent scans for malware that might be lurking in your computer. On a Mac, you can download a free utility called Sophos www.sophos.com/en-us/products/free-tools.aspx. On Windows, you can get a malware scanner and removal utility from Microsoft www.microsoft.com/security/pc-security/malware-removal.aspx.
If You have been Caught
If you think you have been a victim of a phishing scam, you should always report it to the company that was being mimicked and the national authorities on fraud prevention. Also contact your bank/financial institution or credit card company to alert them.
If you are in Canada: If you have been a victim of fraud and have inadvertently given out information about your credit card, Social Insurance Number, bank account, website password, etc. to one of these suspicious emails or phone calls, report it to 1-888-495-8501 or https://www.antifraudcentre.ca as well as to the institution that it appears to be from. For more information, please see RCMP: E-mail Fraud / Phishing.
If you are in the United States: To report cases of fraud, contact the company that was mimicked and your nearest FBI office https://www.fbi.gov/ or the Federal Trade Commission (FTC) at spam(at)uce.gov. Please read more at FBI – Common Fraud Schemes, Internet Fraud and FTC – Identity Theft.
Fraud: Recognize It, Report It, Stop It.