Have you gotten an email giving you a short window to pay for the renewal of your service, at the risk of it being deleted? It was probably a fraudulent attempt to extort your money.
How can you identify it? What should you do? Read on to find out more.
Defining spoofing and phishing
For the past few months, Gandi customers have been targeted by several, continuously evolving phishing campaigns. These emails attempt to trick you into giving the attackers your login or your bank account information.
Spoofing is when someone sending an email makes it seem as though the email was coming from someone else (in this case, Gandi) in order to trick third parties into providing information that they would normally trust the supposed sender of the email with.
Phishing is an attempt to steal login or bank account information.
Recognizing a fraudulent email
September 7, 2021 update:
The subject lines of new phishing campaigns are regularly updated. Over the last few days, the subject lines we have documented are:
- Renouvellement nécessaire !
- <domain> arrive à épuisement
- Rappel avis important <domain>
In order to help you to recognize these emails, here are some screenshots of their content:
These messages pretend to be Gandi.net and exploit a sense of urgency in order to try to get your bank account information.
How to react to phishing
If you have received either of these emails, do not under any circumstances click the link in them.
- Log in to your Gandi account independently in order to verify the renewal date on your domain name(s).
- It is not necessary to open a ticket with our Customer Care team or to forward us the email in question.
If you clicked the link and logged into the fake version of Gandi’s site
You should assume your password has been compromised.
We strongly suggest you connect to your Gandi account at https://www.gandi.net and change your password as soon as possible
For more information on how to change your Gandi password, see our documentation: https://docs.gandi.net/en/account_management/changing_account_information/change_password.html
If you made a payment by credit card on the website linked in the phishing email
We strongly suggest you immediately report the transaction to your credit card company or bank.
They will be able to tell you what to do next, specifically how to file a report with the relevant authorities.
As with all email and hosting providers, Gandi’s technical teams are also working to deploy countermeasures to limit the impact on our customers.
In the face of these countermeasures, scammers are themselves constantly evolving their capabilities by changing email addresses, the message content, or the website used.
If you’d like to know more, please feel free to check out this article on the subject: https://docs.gandi.net/en/gandimail/faq/spoofing.html
As a reminder, whenever you receive a request for payment, always navigate directly to https://www.gandi.net in your browser to complete it.