Like all ISPs, once in a while, our email users get hit with a phishing scheme. Generally, they’re poorly done and obviously fake, at first glance. This weekend we got hit by a particularly nasty one.
As you can see, it looks pretty sophisticated: not too many obvious typos or grammatical errors. And they stole our logo and header!
This email started hitting our mail users at around 9:30am last Sunday. As it happens, one of the first people to notice was our Chief Technical Officer, Chris Neklason, who right away saw it was a potential security threat to our users and alerted our support team. We immediately contacted the company hosting the rogue site, as well as our email filter provider. Within a couple of hours, the rogue site was taken down and the email had been blocked and deleted from our users’ inboxes. But not before about 100 of our eagle-eyed and responsible customers had notified us of the email and, sadly, a few folks had clicked through.
A couple of things to take away from this:
1. Cruzio has your back
We identify these threats quickly and we have tools to quickly neutralize them. If you do get fooled — and it happens to everyone — change your password and contact us immediately.
2. There are always tell-tale signs
Even though it was a relatively good phishing attempt, there are a few obvious clues in this that reveal it to be spam pretty quickly. First, the actual sender was not an @cruzio mailbox, it was a totally different domain. Secondly, none of the clickable links in the email pointed to the Cruzio site. Pro tip: you can always see where a link is pointing before you click it by hovering your mouse cursor over it — depending what mail tool or browser you’re using, the destination URL will show as a pop-up or in the lower part of the window you’re in. If you do happen to click on the link, most web browsers catch scams fast and almost immediately flash a warning on the page.
As a reminder:
* Don’t enter personal information into any site you’ve reached via email unless you’re 100% sure it’s legitimate. If you have even the slightest doubt, contact the company
* The more information an email asks for, the more suspicious you should be. For example, no one should ever want your Social Security number from an email message
* The more urgent the message, the more suspicious you should be
* There are so many scams, we can’t report every one. But if you see one you feel is serious, or if it’s for a small company, report it to the FBI https://www.ic3.gov/complaint/default.aspx
Bottom line: if you ever have any doubts about an email that purports to be from Cruzio, play it safe and contact us at cruzio.com/contact or call us at 459-6301 x2. Cruzio is keeping an eye out 24/7, 365 days a year to ensure your security.
Be safe out there!