Phishing, spoofing… News for the front.

10.18.2018 - written by  in Security

For the past couple of months, Gandi and its customers have been the target of ever-evolving phishing schemes. These schemes have been trying to obtain your Gandi login codes and credit card informations.

The most recent attempt has taken the form of a fradulent email in French that is addressed to our customers with a subject like “example.com – Refus de paiement”.

This email contains a link that goes to a page that imitates the gandi.net website, in order to trick customers into logging in and making payment.

If you got this email, under no circumstances click on the link in the mail. If you want to verify your account at Gandi, only do so by manually entering our address in your browser’s address bar.

If you have ignored the mail and deleted it, then there is nothing else you need to do. There is no need to open a customer support ticket or forward the mail to us.

If you entered your login details on the fake site referred to in the mail, your password has probably been revealed to those responsable for this phishing attack. We strongly urge you to log into your Gandi account at  https://www.gandi.net and change your password without delay.

If you made a payment by credit card via the site made accessible in the fradulent email, you should immediately contact your bank to dispute the credit card charge. Your bank will also be able to inform you of all the subsequent necessary steps to follow in order to minimize the damage on your end and file a complaint.

To counter these phishing attacks, our technical teams (just like other email and hosting providers) take measures to limit their impact to our customers. As a response to these counter measures, the attackers change their phishing attack strategies by constantly changing the sender’s email address, the content of the message, and/or the websites used.

In the past couple of days, the phishing attack has evolved, since the emails are now pretending to be sent from an email address linked to the domain name of the customer being targeted.

This method is known as email address “Spoofing“, and is done to make the person think that their email address has been hacked. This is, however, not the case. Quite simply it is yet another trick. For more information on this, please see our documentation at EN https://docs.gandi.net/en/gandimail/faq/index.html#spoofing

As a reminder we recommend that you log in to our site at https://www.gandi.net for each Gandi billing request.