Alerts and incidents Getting started

Spoofing, phishing, and Gandi: what you need to know

spoofing and phishing

Have you gotten an email giving you a short window to pay for the renewal of your service, at the risk of it being deleted? It was probably a fraudulent attempt to extort your money.

How can you identify it? What should you do? Read on to find out more.

Defining spoofing and phishing

For the past few months, Gandi customers have been targeted by several, continuously evolving phishing campaigns. These emails attempt to trick you into giving the attackers your login or your bank account information.

Spoofing is when someone sending an email makes it seem as though the email was coming from someone else (in this case, Gandi) in order to trick third parties into providing information that they would normally trust the supposed sender of the email with.

Phishing is an attempt to steal login or bank account information.

Recognizing a fraudulent email

September 7, 2021 update:

The subject lines of new phishing campaigns are regularly updated. Over the last few days, the subject lines we have documented are:

  • Renouvellement nécessaire !
  • <domain> arrive à épuisement
  • Rappel avis important <domain>

In order to help you to recognize these emails, here are some screenshots of their content:

example fraudulent email

Recognizing a fraudulent mail

These messages pretend to be Gandi.net and exploit a sense of urgency in order to try to get your bank account information.

How to react to phishing

If you have received either of these emails, do not under any circumstances click the link in them.

  1. Log in to your Gandi account independently in order to verify the renewal date on your domain name(s).
  2. It is not necessary to open a ticket with our Customer Care team or to forward us the email in question.

If you clicked the link and logged into the fake version of Gandi’s site

You should assume your password has been compromised.

We strongly suggest you connect to your Gandi account at https://www.gandi.net and change your password as soon as possible

For more information on how to change your Gandi password, see our documentation: https://docs.gandi.net/en/account_management/changing_account_information/change_password.html

If you made a payment by credit card on the website linked in the phishing email

We strongly suggest you immediately report the transaction to your credit card company or bank.

They will be able to tell you what to do next, specifically how to file a report with the relevant authorities.

As with all email and hosting providers, Gandi’s technical teams are also working to deploy countermeasures to limit the impact on our customers.

In the face of these countermeasures, scammers are themselves constantly evolving their capabilities by changing email addresses, the message content, or the website used.

If you’d like to know more, please feel free to check out this article on the subject: https://docs.gandi.net/en/gandimail/faq/spoofing.html

As a reminder, whenever you receive a request for payment, always navigate directly to https://www.gandi.net in your browser to complete it.