What do Spoofing, Whaling, and Phishing have in common? They are all scams that utilize email and rely on the recipient being convinced to take a specific action.
Email spoofing is someone (or a machine) that sends emails pretending it is from someone else. Recently there has been an increase of spoofed emails appearing to come from Rackspace, the email hosting provider we use at Vivid Image. It can trick a user into thinking it is Rackspace, but that isn’t the case. See example below:
Most of these are phishing attempts to collect sensitive, personal information from the email recipient. Many of these emails include a link, requesting that the recipient click the link to reactivate or restore their email account. This will never be the case & these are NOT legitimate emails.
What Should You Do with Spoofed Emails?
If you receive an email that appears to come from Rackspace, do not click on any links within the email, download any attachments, or provide any personal information.
All communication from Rackspace will come directly to us at Vivid Image to handle.
- If you do receive an email like this in your mailbox, the first step is to mark it as spam/junk mail. This way, any future emails from the same exact address will not make it into your inbox.
- The second step is to delete the email.
Phishing is an email scam targeting an individual, but on a larger scale, millions of people receive one or more of these every day. Phishing emails tend to focus on tricking someone into clicking on a link and entering a username, password, or other information that is tracked or entered into a non-legitimate website.
Unfortunately, phishing attempts in general are on the rise, (not just appearing to come from Rackspace). Here are a few reminders about best practices with email:
- If ever in doubt (phishing, whaling, spoofing), pick up the phone and talk to the person sending to see if the action being requested via email is legitimate. Clients can always call us with questions or concerns.
- Do not share personal information via email.
- Double-check that any attachments are from a legitimate source before downloading. If you’re not expecting an attachment, do not open it.
- Watch for suspicious content and misspellings.
- Avoid clicking links from within an email.
- Spoofing and phishing emails will often contain words the evoke emotion and quick action like: Flagged, Violation, Urgent, Reactivate Account, Scheduled for Deletion, Cancel Deactivation, and Disabled.
- Be suspicious of emails that claim to be urgent or pose any unusual requests.
Whaling is when an email scam attack is made toward the heads of companies, other highly-ranked individuals at a company, or someone with access to bank accounts and finances. These types of scams often appear to take place between one person in a company asking another to pay a bill, transfer money in accounts, etc.
As always, we’re here to help our clients move their digital marketing forward with confidence. Call or email us with questions or concerns.