Spoofing, phishing, and Gandi: what you need to know

Jun 24, 2019  - written by  in Domain names

Have you gotten an email giving you a short window to pay for the renewal of your service, at the risk of it being deleted? It was probably a fraudulent attempt to extort your money.

How can you identify it? What should you do? Read on to find out more.

Defining spoofing and phishing

For the past few months, Gandi customers have been targeted by several, continuously evolving phishing campaigns. These emails attempt to trick you into giving the attackers your login or your bank account information.

Spoofing is when someone sending an email makes it seem as though the email was coming from someone else (in this case, Gandi) in order to trick third parties into providing information that they would normally trust the supposed sender of the email with.

Phishing is an attempt to steal login or bank account information.

Recognizing a fraudulent email

Two campaigns are currently underway. One uses the subject line “Régulariser votre situation !!!!” (roughly, “Pay your charges”), the other “Non renouvellement” (“non-renewal”).

In order to help you to recognize these emails, here are some screenshots of their content:

These messages pretend to be Gandi.net and exploit a sense of urgency in order to try to get your bank account information.

How to react to phishing

If you have received either of these emails, do not under any circumstances click the link in them.

  1. Log in to your Gandi account indepdently in order to verify the renewal date on your domain name(s).
  2. It is not necessary to open a ticket with our Customer Care team or to forward us the email in question.

If you clicked the link and logged into the fake version of Gandi’s site

You should assume your password has been compromised.

We strongly suggest you connect to your Gandi account at https://www.gandi.net and change your password as soon as possible

For more information on how to change your Gandi password, see our documentation: https://docs.gandi.net/en/account_management/changing_account_information/change_password.html

If you made a payment by credit card on the website linked in the phishing email

We strongly suggest you immediately report the transaction to your credit card company or bank.

They will be able to tell you what to do next, specifically how to file a report with the relevant authorities.

As with all email and hosting providers, Gandi’s technical teams are also working to deploy countermeasures to limit the impact on our customers.

In the face of these countermeasures, scammers are themselves constantly evolving their capabilities by changing email addresses, the message content, or the website used.

If you’d like to know more, please feel free to check out this article on the subject: https://docs.gandi.net/en/gandimail/faq/spoofing.html

As a reminder, whenever you receive a request for payment, always navigate directly to https://www.gandi.net in your browser to complete it.