Following on from the recent phishing attack that was attempted against VPSExtra and some of our customers, we felt it was a good time to provide some free information on phishing and how to avoid it.
Phishing is a form of social engineering that criminals use to extract sensitive information. One of the most common methods of phishing is via email, and usually involves either impersonation of a legitimate organisation or infection of a business or individual’s network with malware to compromise its security and gain access. According to Hiscox, cyber breaches cost the average UK small business £25,700 in basic ‘clear up’ costs every year. Around half of these cyberattacks involve phishing.
Cybercriminals trick email recipients into providing sensitive personal information through copycat web forms and sites or opening an attachment that loads harmful malware or ransomware onto their system.
Malware-based phishing attacks against business networks can be very effective. Once one computer gets infected, if that computer is connected to the wider business network, the malware can spread throughout the entire system. These breaches can cause serious implications for a business should the malware spread to computers that contain particularly sensitive data.
Despite phishing emails having come a long way since the early attempts of the 1990s, there are still a number of telltale signs that may alert you to their malicious nature. Disclaimer: just because an email looks right on the surface, it doesn't necessarily mean it is. If you’re in any doubt, speak to either your IT department, the business in question using confirmed legitimate contact details, or get in touch with us at firstname.lastname@example.org.
The vast majority of legitimate companies are unlikely to send you an unexpected email asking for your credit card, bank information, passwords or other sensitive information. If you receive an email you weren’t expecting requesting this information, and in particular containing a link to log in and submit or confirm these details, there’s a good chance it’s a phishing email. If the email has come from a company you already do business with, contact the firm to double check using contact details that you know are legitimate.
VPSExtra will never send you unsolicited emails asking for sensitive information. If in doubt, please get in touch with us at email@example.com.
Phishing scammers often try to send their emails from an address that mimics a trusted contact or business. Double check the sender’s details and look at their email address in detail. Does it perfectly match the usual format for the company?
A legitimate email should have the sender’s company in the domain part of the address, following the @ symbol (for example,
Charles@vpsextra.com, rather than
Charles_VPSExtra@gmail.com). Unfortunately, simply having the brand’s name somewhere in the email address can fool people into believing the email is legitimate.
Be extra vigilant when checking this detail, as more sophisticated scammers can buy domains that make the sender’s address look almost identical, with added numbers or substituted letters, for example
Charles@vpsextra.com. (a common trick is to substitute ‘rn’ for ‘m’). If unsure, check the sender’s address against previous, confirmed legitimate emails you’ve received.
All billing related VPSExtra emails will come from @vpsextra.com, however, server notifications will come from either vpsextra.com (co.uk), cloudhosting.uk (co.uk) and uksrv.uk (co.uk) depending on the server type.
Legitimate cPanel notification emails from VPSExtra will be in the format ‘
firstname.lastname@example.org’ (e.g. if your site is hosted on Athena, the sender’s address would be
email@example.com depending on the notification). If in doubt, please get in touch with us at firstname.lastname@example.org.
Phishing emails attempt to mimic legitimate emails in order to trick you into revealing or submitting sensitive information. The quality of this mimicry varies, with some branding attempts appearing more authentic than others – yet there are usually telltale signs. Check any logos or other branding details carefully against the official company website and correspondence – is it identical, or an approximation? Are the proportions of the logo and graphics the same? Does the header and colour scheme match previous emails? Legitimate companies often spend a lot of money and time perfecting their branding so it should be consistent across all communications.
Some phishing scams are more sophisticated than others, so correct-looking branding on its own is not a sign of authenticity. If in doubt, please get in touch with us at email@example.com.
Another giveaway is a generic salutation. Companies that legitimately do business with you should know your name and customer reference. Salutations such as ‘Dear Sir/Madam’ or ‘Dear valued customer’ should be warning signs that the email is part of a phishing attempt. Be sure to check these details in any emails you receive.
VPSExtra will ALWAYS include your name in any email correspondence. Some automated notification emails sent from our fleet servers may alternatively reference your cPanel username
Legitimate emails are also often proofread by multiple people before being sent, particularly if they’re template emails sent to many customers. This makes written errors a relatively rare occurrence. Phishing emails, on the other hand, are often written by people with a poor grasp of English and are automated for the widest possible reach. Quality standards are usually low.
Check the grammar and punctuation. Phishing emails are often put through a spellchecker or translation tool, so the spelling of individual words may be correct, but their overall grammatical incoherence can be a giveaway.
Check for the types of grammar and syntax errors that a non-native speaker may make:
Everyone makes typos from time to time, but they’re usually picked up before a legitimate email is sent, and are often common human errors such as hitting an adjacent button when typing. If a supposedly official email contains the types of errors listed above, it’s very likely to be a phishing scam. In fact, scammers have been known to use emails containing poor grammar to help them identify recipients who may be more susceptible to further tactics.
All VPSExtra emails have a recognisable ‘VPSExtra’ tone of voice and are proofread by multiple people to ensure correct grammar and spelling.
Phishing emails often contain malicious attachments designed to spread malware into your network. Be extra careful if the email contains attachments that you either don’t recognise or are not expecting. Be on the lookout in particular for ‘high-risk’ attachment file types including .exe, .zip, .docm and .scr.
VPSExtra will never send you emails that contain unusual or unsolicited attachments.
Does the email tell you to act urgently or does it contain a veiled or explicit threat? Examples include ‘Send your details within 24 hours or your account will be cancelled’, or ‘Your account has been compromised – click this link immediately’. According to a phishing study by KnowBe4, the most-clicked email subject line globally in Q1 2021 was ‘Password Check Required Immediately’. A legitimate company would not force you to act immediately.
VPSExtra will never send emails demanding instant action or containing threats of consequences for failing to act immediately. If in doubt, please get in touch with us at firstname.lastname@example.org.
Phishing emails normally ask you to confirm information or go to an external site by clicking on an embedded link, again with consequences for failing to act. Hyperlinks will tell you that they link to a legitimate website, but the actual link will send you somewhere completely different, or even download malware directly onto your computer. To check embedded links, you can (carefully!) hover your mouse over them without clicking and see if the actual URL displayed matches where the text is telling you it will send you to. If it doesn’t match the link in the text, or the displayed link begins with something other than https:// then it’s highly likely to be a phishing scam.
VPSExtra will never send you emails with external links that ask you to provide details to a third party. If in doubt, please get in touch with us at email@example.com.
As well as the above telltale signs, there are several common phishing email tactics that criminals employ in order to compel you to open and click:
If you’ve received an email which you’re not quite sure about or which raises your suspicions, there are some steps you can take:
If you’ve already clicked on the email or opened the attachment, you can follow these steps to try to minimise any potential threat:
There are a number of measures you can take to protect yourself and your business from cybercriminals attempting to gain access to sensitive data:
Phishing presents a serious threat to the data security of businesses. However, through a combination of robust cybersecurity policies, training and ongoing vigilance, these threats can be mitigated.
If you receive an email purporting to be from VPSExtra and it displays any of the signs listed in this blog, please do feel free to get in touch with us directly to confirm its legitimacy. You can also forward suspected phishing emails to firstname.lastname@example.org to help us take action against cybercriminals who are targeting us or our customers.