Username and Password Phishing

Have you recently received an email from а bank requiring immediate update of your contact data, otherwise your bank account will be suspended?

Until not long ago the phishing phenomenon was not so popular among Bulgarian web users. During the last few years, however, we all began noticing it.

Phishing emails concern not only banks and credit institutions, but also different types of business companies.

We remind you: Phishing is a fraudulent attempt aiming to obtain sensitive information such as usernames, passwords or credit card details, etc. For the purpose malicious persons first make an identical copy of the target login page. Afterwards they host the webpage copy on their server and domain, then they send emails containing a link to this copy. When users click on the link a familiar login form loads together with the appearance of a well-trusted website. So they enter their personal data without paying attention to the webpage’s URL. The website, however, is fake and instead of logging into it, users voluntarily provide their personal data that gets recorded in the malicious persons’ database as later it gets used for malicious purposes.

We recently witnessed a similar type of phishing activity related to the customer profile login page at SuperHosting.BG. Our customers using the abv.bg mail service warned us that some time ago they received a suspicious email sent on our behalf which asked them to click on a suspicious link and enter access credentials for their customer profile on our website.

Therefore, please pay attention: Always check the URL of the target page. It is possible for only one letter of the domain to be different and if you do not notice it, you might become a victim of a phishing attack.

Example of a phishing website

A copy of a login form on a phishing website
A copy of a login form on a phishing website

Details in the browser’s address bar

Check the URL in the browser's address bar!
Check the URL in the browser’s address bar!

8 Tips to Prevent Phishing Attacks

Whether it’s your customer profile with us or with another company or system, we would like to remind you a few tricks to prevent phishing attempts and protect your accounts.

  • Do not trust the sender’s field in the email that displays the sender’s email address. This field can be manipulated.
  • Pay attention to the email content and the spelling. If the message is in Bulgarian, but there are issues with the spelling and style of writing, this should ring a bell that something’s wrong.
  • Emails containing important links that should be followed are usually received in response to an action of yours. For example, after you register on a website, you often need to confirm your registration by clicking on a link sent to your email. In such cases you usually know in advance that you are about to receive an email and what it should contain. Did you perform such an action?
  • Do not click on links in messages without making sure the email has been sent from a trusted sender. Even if you have the slightest doubt, first check and think for the reason you might have received such an email.
  • There is a fast way of checking where the link leads even before you clicked it. Put your mouse on the link’s text without clicking directly on it. Look at the bottom left corner of the email client or another place in the interface where additional information is displayed.
  • If you have already clicked on the link and a website was loaded, make sure you checked the browser’s address bar. Is this the sender’s domain, is the domain extension the same, are there any letters missing or replaced?
  • Check if the website is using a secure connection and whether there is a green lock. You should never enter your login data on pages loaded over an insecure connection.
  • If you have the slightest doubts even after checking those parameters, contact the email sender, so that you make sure who the sender really is.

If you experience certain insecurity with an email whose sender is acting on the behalf of SuperHosting.BG, do not click any links. Open our official website and use the link for logging into your customer profile, located at the top right corner.

Madlena Metodieva
Madlena Metodieva
Madlena is our super-support-guru. Madlena's SuperPower is that she can explain even the most complicated technologies in plain language.
4 1 vote
.
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments