How can I identify a 20i phishing email?
Recently, we’ve noticed an increase in the number of phishing emails targeting our customers. This article will outline some of the key things to look out for to help you identify a potentially fraudulent phishing email – and what to do if you receive one.
'Phishing' is when scammers use scam emails or other means of communication to trick victims into providing sensitive or personal information. These emails will often refer the recipient to a fake website. The site is designed to replicate the service that they are imitating. In the case of 20i, we’ve seen links to fake versions of our My20i control panel and Stackmail platforms sent out to our customers.
Some of the signs of a phishing email include:
- The email isn’t addressed to your name. Many phishing emails will address the recipient of the email with a generic term such as ‘Dear Client’ or just simply ‘Hi’ – we’ll never do that. On all automated emails from My20i, we’ll address you by the name that has been set on the Contact Details page within your My20i account.
- The email has been received through a different email address to the one registered on your My20i account. The phishing emails that have targeted 20i customers in the past have been sent to email addresses that are listed on websites that are hosted by 20i (or where the domain name is registered with us). In these cases, the perpetrators have scraped these websites for email addresses on contact pages/forms. Often, this isn’t the email address that we hold on your account. If you are a 20i reseller, this will likely end up being your customer’s email address. 20i will only ever send account management emails (such as domain renewals) to the email address associated with your My20i account. Remember, 20i will never communicate with your customers using the 20i branded email template.
- The email hasn’t been received from the ‘20i.com’ domain. All automated emails sent from ourselves will be sent from the ‘20i.com’ domain. If the email you’ve received isn’t, then it’s likely that you’ve received a phishing email. All messages we send are DKIM signed – if the email you’ve received isn’t signed then it most likely isn’t genuine!
- The information in the email isn’t correct. Does the email state that your domain name is up for renewal and you need to click the link below to renew your domain? However, when you check your My20i account the domain renewal is not due yet? If so, something might not quite be right!
- Poor spelling and grammar. Although this isn’t always the case, many fraudulent emails will contain poor grammar and incorrect spelling – our automated system emails do not.
- Check the Email Notifications page in your My20i account. For any notification email that we send to you, there’ll also be a copy in the ‘Email Notifications’ page within your account (https://my.20i.com/account/notifications). If the email that you have received isn’t shown here then it’s most probably a fake!
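The From-domain and DKIM checks from the list above can be run against the full headers of a saved message. The sketch below is an added example, not 20i's own tooling; the mail-server name `mx.example.net`, the sender addresses and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED = "20i.com"  # sending domain named in the article

def check_headers(raw, trusted_authserv):
    """Return warnings for a raw message; an empty list means both checks passed."""
    msg = message_from_string(raw)
    warnings = []
    # 1. The From address must be on the expected domain.
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain != EXPECTED:
        warnings.append("From domain is " + (from_domain or "missing"))
    # 2. Count only Authentication-Results written by your own mail provider
    #    (trusted_authserv is an assumption); a sender can add forged copies.
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            passed.add(m.group(1).lower())
    # 3. A DKIM pass for some other domain says nothing about 20i.com.
    if EXPECTED not in passed:
        warnings.append("no DKIM pass for " + EXPECTED)
    return warnings

# Constructed sample headers (not real 20i messages).
GENUINE = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=20i.com\n"
    "From: 20i <sender@20i.com>\nSubject: Domain renewal\n\nbody\n")
LOOKALIKE = (
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass header.d=20i-renewals.example\n"
    "From: 20i <billing@20i-renewals.example>\nSubject: Domain renewal\n\nbody\n")
SPOOFED = (
    "Authentication-Results: mx.example.net; dkim=none\n"
    "Authentication-Results: forged.example; dkim=pass header.d=20i.com\n"
    "From: 20i <sender@20i.com>\nSubject: Domain renewal\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)]:
        print(name, check_headers(raw, "mx.example.net"))
```

Passing these checks does not replace the Email Notifications page comparison; it only covers the sender-domain and DKIM signs.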
What should I do once I have identified a phishing email?
- Don’t click any links in the email! Links inside these emails will often redirect you to deceptive sites designed to look just like My20i, Stackmail or StackCP. If you’re ever unsure about a link that’s asking for payment, we’d recommend heading to the ‘Email notifications’ page in My20i. If it’s there, you can be assured that it’s genuine.
- Don’t enter any personal information! If you’re dubious about an email that you’ve received, please don’t enter any of your sensitive information. Once you do so it is often too late and the criminals will already have your information.
- Contact 20i Support. Please provide the full email headers to our support team who will be able to pass them on to the 20i Abuse team. This information is invaluable in being able to detect where (and potentially who) the email has come from – and also helps us take action against the emails to prevent any more victims. You can also send the email directly (as an attachment, not forwarding it) to firstname.lastname@example.org.
What should I do if I do click on a link/provide personal information?
- The first step would be to ensure that you update your My20i account password immediately. The quicker you update your password after entering it into the deceptive site, the lower the chance of the fraudster being able to access your account. We’d also advise that you update the password on any other services where you use the same email/password combination. However, we’d always recommend using different security information for every site you access, and making use of a password manager to keep track of everything.
- Add Two Factor Authentication. Two-factor authentication (2FA) adds another layer of security to your account which makes it more difficult for hackers to access your account. Once enabled, your logins to My20i can only be completed if both your password and an authenticator code are provided. We support TOTP authenticator apps, such as those from Google and Microsoft. See more: https://www.20i.com/support/my-services/two-factor-authentication-my20i
- Cancel/suspend your bank card. If you have entered your card details into the form then we would recommend contacting your bank and cancelling your card as soon as possible. Many banks allow you to suspend or cancel your card directly through your online or mobile banking app without having to call them.