As the leading hosting provider in Switzerland, Infomaniak is regularly targeted by phishing campaigns. These malicious e-mails aim to extort their victims by exploiting personal data available on the Internet.

Expired products, blocked accounts, old passwords that have been stolen, allegedly hacked computers, threats to share videos of an intimate nature with your contacts – these are all techniques used to “fish” (hence the expression “phishing”) for your personal data or money.

How do I identify a malicious message?

Be wary of urgent demands, especially ones involving a payment or requiring your bank or personal details such as your name or date of birth.

Here is an example of phishing. Our e-mails are sent from addresses ending in @infomaniak.com and the domain of our links is always infomaniak.com (manager.infomaniak.com/XYZ, faq.infomaniak.com/XYZ, infomaniak.com/XYZ, etc.).

To gain your trust, these malicious messages may contain personal details such as your first name, the name and expiry date of your domain or even old passwords. The senders of these malicious e-mails get their hands on people’s details using public directories such as WHOIS or exploit security flaws on well-known sites where you might have entered your information.

How should I deal with spam like this?

  • If in doubt, never open links or attachments. Whichever link you click on, check your browser to make sure you’re on infomaniak.com (it needs to be spelt exactly the same):
    • manager.infomaniak.com/XYZ
    • faq.infomaniak.com/XYZ
    • infomaniak.com/XYZ
    • news.infomaniak.com/XYZ
    • etc.
  • If the suspicious e-mail is asking you to make a payment, manually log in to your Infomaniak account at manager.infomaniak.com and go to “To pay”.
  • Check our status page to see if Infomaniak is being targeted by a phishing campaign.
  • If you’re still not sure, contact our support team.
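The link check described above, as an added example that is not Infomaniak's own code: it accepts a URL only when the host the browser would actually contact is infomaniak.com or one of its subdomains. The function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "infomaniak.com"  # domain the article says every genuine link uses


def link_host(url):
    """Return the host a browser would contact for url, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port, lower-cases
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")  # "infomaniak.com." names the same host


def is_infomaniak_link(url):
    """True only for infomaniak.com itself or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    # Exact string comparison: a misspelt or look-alike (non-ASCII) name never
    # matches, and the leading dot stops "fakeinfomaniak.com" from passing.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links (not taken from a real campaign).
SAMPLES = [
    "https://manager.infomaniak.com/XYZ",
    "http://FAQ.INFOMANIAK.COM./XYZ",
    "https://infomaniak.com.billing.example/XYZ",        # trusted name is only a prefix
    "https://manager.infomaniak.com@login.example/XYZ",  # text before "@" is not the host
    "https://fakeinfomaniak.com/XYZ",                    # suffix match without the dot
    "https://inf\u043emaniak.com/XYZ",                   # Cyrillic "o" look-alike
]


def audit(urls):
    """Map each URL to (host, verdict) for review."""
    return {u: (link_host(u), is_infomaniak_link(u)) for u in urls}


if __name__ == "__main__":
    for url, (host, ok) in audit(SAMPLES).items():
        print("OK     " if ok else "REJECT ", host, "<-", url)
```

Only the first two samples pass; the others contain the trusted name somewhere in the URL but resolve to a different host.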

If you’ve already replied to the e-mail or if you’re receiving insistent reminders, stop the correspondence and delete the e-mails. If you’ve paid a ransom, you may have to file a complaint with the police and contact your bank to cancel your card. If this is the case, please save all the e-mails and payment slips. Then, think about running a scan on your computer with a recognised anti-virus program and change your passwords for sensitive accounts immediately.

How do these phishing campaigns work?

These malicious spam schemes are the work of organised criminals who are most likely based abroad. Like other types of attack, these e-mails manage to get past the most advanced anti-spam filters by hacking into e-mail accounts that are considered trustworthy.

These extortion attempts exploit two shortcomings: the first is technical and the second, more dangerous one is human.

Stealing your personal data (first names, domain name, password etc.)

Websites, even major ones, are hacked every single day: online shops, music streaming services, online games or any other kind of site which has user accounts can all be affected. When this happens, databases containing usernames and passwords of members are compromised and can be published on the Internet. In addition, data can be compromised as the result of spam. Passwords and usernames are also exposed and accessible on the Internet.

The senders of these malicious e-mails get their hands on these login details and use them to sound credible when they contact you pretending to be Infomaniak or any other company you consider to be trustworthy. It is in this last phase that the scammers exploit people’s weaknesses.

Inciting fear and panic to get your money

To trick people into paying a ransom, the offenders devise a scenario supported by the personal data gathered in advance. Using a personalised e-mail made plausible by the inclusion of personal details (e.g. your name, sites visited, password etc.), the spammers set a trap that it’s easy to fall into. This strategy constructs a lie veiled in truth.

By relying on personal details, the scammers make their whole story plausible but, in reality, it’s not. It’s only designed to cause fear and a feeling of guilt – two emotions that can make you give in to the pressure of a ransom demand.

The following is an example of one of these malicious e-mails:

It appears that, (XXXXX), is your password. Will possibly not know me and you are most likely wondering why you are getting this e mail, right?

in fact, I setup a malware on the adult vids (adult) web site and guess what, you visited this site to have fun (you know what What i’m saying is). During the time you were watching videos, your internet browser started out operating as a RDP (Team Viewer) which gave me accessibility to your screen and web camera. and then, my computer software obtained all of your contacts from the Messenger, Microsoft outlook, Facebook, in addition to emails.

What did I do?

I produced a double-screen video. Very first part shows the recording you were watching (you have got a good taste haha . . .), and 2nd part shows the recording of your webcam.

what exactly should you do?

Well, I think, $1000 is a reasonable price for our little hidden secret. You will make the payment by Bitcoin (if you don’t know this, search “how to purchase bitcoin” in Google).

Bitcoin Address: XXXXXXXXXXXXXXXX
(It’s case sensitive, so copy and paste it)

Very important:
You have 1 day in order to make the payment. (I have a unique pixel in this e-mail, and at this moment I am aware you have read this email message). If I don’t get the BitCoins, I will certainly send your videos to all of your contacts including family, co-workers, and so forth. Having said that, if I receive the payment, I’ll destroy the recording immediately. If you’d like evidence, reply with “Yes!” and i’ll undoubtedly send your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by answering this message.

In this specific attack, the originators pretend to have hacked their targets’ computers and recorded videos of an intimate nature via the computer’s webcam. The blackmail trap closes on its victims by threatening to share these videos with contacts from their address book if the ransom demand (in bitcoins) isn’t paid within 24 hours.

How can I protect myself against malicious e-mails?

Apart from technical solutions and in cases where human shortcomings are exploited, the best protection is prevention:

  • Use a different password for each computer, e-mail address and website.
  • Use the most up-to-date version of your web browser (Firefox, Chrome etc.).
  • Activate two-factor authentication for your accounts to stop spammers from getting into your accounts even if they know your password.
  • Don’t trust unsolicited or unusual e-mails from known, or even unknown, senders. Scammers often hack e-mail addresses to trick the recipients of their malicious e-mails.
  • Take the time to verify where the message has come from by calling the sender.
  • Don’t open attachments with extensions you don’t recognise or which don’t seem to match the context in which you received them.
  • Verify a suspicious URL before clicking on it by copying it into a site like virustotal.com.
  • You can check if your e-mail address and password have been exposed in a known breach at haveibeenpwned.com, but be aware that your data will then be provided to the website.

Lastly, we would like to remind you that Infomaniak never asks customers to provide their login details or any other personal information in an e-mail (date of birth, address, bank details etc.). We also continually inform our clients of potential threats via the State of the services page and the Manager.

What is Infomaniak doing to combat phishing?

Infomaniak is doing everything it can to put an end to these scams on many levels:

  • by contacting various hosts and registrars hosting these fraudulent sites to get them blocked;
  • by updating our anti-spam filters in order to block any new versions of these e-mails so our clients don’t receive them;
  • by changing our e-mail infrastructure to implement additional security barriers to protect against identity theft;
  • by informing our customers via our website status.infomaniak.com, on social media and on Infomaniak’s various contact interfaces;
  • by lodging a complaint with the police with a view to launching an Interpol enquiry.

Useful resources