2.24.3.10. Phishing emails

Phishing is a type of fraud that aims to obtain confidential data for further use by third parties. Quite often, phishing is spread through emails that include important or highly engaging content. For example, phishing aimed at obtaining logins and passwords for mailboxes is very common. For this, letters are sent informing about the need to pass verification or check the disk quota in the mail service. In this case, the letter itself will contain a link or a button directing to a full or partial copy of the authorization page of the target service.

It is often quite difficult to determine whether an email is phishing or not, therefore, when working with emails that explicitly or indirectly request confidential information, you should adhere to certain rules:

• You should be extremely careful about letters in which, explicitly or indirectly, they urge you to enter confidential data on some page. No service will ask for data that has already been provided earlier, so such an email will most often be phishing.
• You should always double-check the links that are provided in the letters. If you received a letter from the adm.tools service, but the link in the letter leads to service.tools, it is better not to click on it and instead go to the official website of the service, from which the letter allegedly came, where to double-check all the necessary actions or contact technical support for for more information.
  Advice When you hover over a button or link in the lower left corner of the browser, a full link will be shown, to which the transition will be made.
• It is recommended to pay special attention to letters sent from allegedly trusted persons. Some domains do not have SPFrecords, in this connection, sending letters with the substitution of their domain is quite real, therefore it is better to once again check with the sender via other communication channels regarding the received letter.
• If the letter was sent from the same mailbox to which it came, or from the same domain, then it follows check in more detail.
• You should not download suspicious files, no matter what extension they have. This rule applies not only to devices running on Windows, now a huge amount of malware exists for all platforms, including macOS, iOS, Linux, Android and others.
• Emails that include the recipient's personal information do not always mean that attackers have access to any confidential data, so it is better to place such emails in spam. This rule especially applies to letters with threats of hacking or dissemination of information. An attacker who has access to personal information will not ask again about its further use with extortion of something, especially since a huge part of personal information can be found on the Internet, mostly in open sources, for example, site contacts or personal pages in social networks.
• Try to post as little personal information as possible that could be used for phishing.
• Always set to the highest level antispam, if possible. Antispam can reject a large number of suspicious emails.
• Received suspicious or clearly phishing emails should be placed in spam and the sender should be blocked. On our hosting, this can be done using blacklist or WebMail filters.

If you are a victim of phishing, you should take appropriate action as soon as possible:

• Hosting account security:
  • Change your account password.
  • Turn on 2-Step Verificationif not configured yet.
  • Reset or disable concurrent sessionsif they were included.
• Change all possible passwords that exist:
  • FTP user passwords.
  • Database user passwords.
  • Mailbox passwords.
  • All passwords within existing sites, as there is a high probability that the data could have been stolen.
• Do not set a similar password or password consisting of personal data, for example: year of birth, first name, last name, part of the phone number, etc. There is a separate area for the selection of such passwords - social engineering.
• Review which sites or services used the data that was stolen, and change it urgently.
• If possible, set up two-factor authentication on all available services.

• Mail blacklist
• Filtering emails in Webmail
• Letters sent from myself
• Hacking protection recommendations