Today we've seen a targetted phishing attempt against our customers, get more information about it and protect yourself with 2FA.
Today we have seen what looks to be a serious and widespread attempt at targeting our customers with a phishing email. The email used SiteHost branding, threatened account suspension and encouraged the recipient to click a fake link to our Control Panel that redirected to a phishing website.
While we’re not aware of this phishing attempt having any success and the website has already been shut down we’re still watching closely. If you believe you may have clicked the link and filled out the form please let us know, there’s no shame in this, we just want your accounts to be secure.
This is also a timely reminder to enable two factor authentication on your account (and your accounts around the internet), it is the single biggest thing you can do to protect yourself against these sorts of attacks. Having two factor authentication on your account means even if someone gets hold of your username and password they still won’t be able to log in unless they also have your second factor device (usually your phone). It’s simple, fast and free to set up, just follow the steps in our knowledge base.
At the moment we believe the email addresses used in this attempt were harvested via leaked databases (such as LinkedIn et al) and compared with whois information to build a list for the attempt and not through any method that raises security concerns. One of the key reasons for this is we received an attempt to one of our own email addresses that is not stored in our system and only exists on a domain we have registered elsewhere for redundancy purposes.
We’re thankful that one of our eagle eye customers spotted the email and raised it with us, allowing fast action to be taken. You can see a copy of the email below for reference and as always if you have any questions or concerns please get in touch.
The phishing email - see if you can spot all the ways you could know it's not from us. We spot around six.
PS: Enable Two Factor Authentication
PPS: Seriously, Enable 2FA