As the leading hosting providing in Switzerland, Infomaniak is regularly targeted by phishing campaigns. These malicious e-mails aim to extort their victims by exploiting personal data available on the Internet.
Expired products, blocked accounts, old passwords that have been stolen, allegedly pirated computers, threats to share videos of an intimate nature with your contacts – these are all techniques used to “fish” (hence the expression “phishing”) your personal data or money.
How do I identify a malicious message?
Be wary of urgent demands, especially ones involving a payment or requiring your bank or personal details such as your name or date of birth.
To gain your trust, these malicious messages may contain personal details such as your first name, the name and expiry date of your domain or even old passwords. The senders of these malicious e-mails get their hands on people’s details using public directories such as WHOIS or exploit security flaws on well-known sites where you might have entered your information.
How should I deal with spam like this?
- If in doubt, never open links or attachments. Whichever link you click on, check your browser to make sure you’re on infomaniak.com (it needs to be spelt exactly the same):
- manager.infomaniak.com/XYZ
- faq.infomaniak.com/XYZ
- infomaniak.com/XYZ
- news.infomaniak.com/XYZ
- etc.
- If the suspicious e-mail is asking you to make a payment, manually log in to your Infomaniak account at manager.infomaniak.com and go to “To pay“.
- Check our status page to see if Infomaniak is being targeted by a phishing campaign.
- If you’re still not sure, contact our support team.
If you’ve already replied to the e-mail or if you’re receiving insistent reminders, stop the correspondence and delete the e-mails. If you’ve paid a ransom, you may have to file a complaint with the police and contact your bank to cancel your card. If this is the case, please save all the e-mails and payment slips. Then, think about running a scan on your computer with a recognised anti-virus program and change your passwords for sensitive accounts immediately.
How do these phishing campaigns work?
These malicious spam schemes are the work of organised criminals who are most likely based abroad. Like others types of attack, these e-mails manage to get past the most advanced anti-spam filters by hacking into e-mails that are considered trustworthy.
These extortion attempts exploit two shortcomings: The first is technical and the second, more dangerous type is human.
Stealing your personal data (first names, domain name, password etc.)
Websites, even major ones, are hacked every single day: online shops, music streaming services, online games or any other kind of site which has user accounts can all be affected. When this happens, databases containing usernames and passwords of members are compromised and can be published on the Internet. In addition, data can be compromised as the result of spam. Passwords and usernames are also exposed and accessible on the Internet.
The senders of these malicious e-mails get their hands on these login details and use them to sound credible when they contact you pretending to be Infomaniak or any other company you consider to be trustworthy, and it’s in this last phase when the scammers exploit people’s weaknesses.
Inciting fear and panic to get your money
To trick people into paying a ransom, the offenders devise a scenario supported by the personal data gathered in advance. Using a personalised e-mail made plausible by the inclusion of personal details (e.g. your name, sites visited, password etc.), the spammers set a trap that it’s easy to fall into. This strategy constructs a lie veiled in truth.
By relying on personal details, the scammers make their whole story plausible but, in reality, it’s not. It’s only designed to cause fear and a feeling of guilt – two emotions that can make you give in to the pressure of a ransom demand.
The following is an example of one of these malicious e-mails:
It appears that, (XXXXX), is your password. Will possibly not know me and you are most likely wondering why you are getting this e mail, right?
in fact, I setup a malware on the adult vids (adult) web site and guess what, you visited this site to have fun (you know what What i’m saying is). During the time you were watching videos, your internet browser started out operating as a RDP (Team Viewer) which gave me accessibility to your screen and web camera. and then, my computer software obtained all of your contacts from the Messenger, Microsoft outlook, Facebook, in addition to emails.
What did I do?
I produced a double-screen video. Very first part shows the recording you were watching (you have got a good taste haha . . .), and 2nd part shows the recording of your webcam.
what exactly should you do?
Well, I think, $1000 is a reasonable price for our little hidden secret. You will make the payment by Bitcoin (if you don’t know this, search “how to purchase bitcoin” in Google).
Bitcoin Address: XXXXXXXXXXXXXXXX
(It’s case sensitive, so copy and paste it)Very important:
You have 1 day in order to make the payment. (I have a unique pixel in this e-mail, and at this moment I am aware you have read this email message). If I don’t get the BitCoins, I will certainly send your videos to all of your contacts including family, co-workers, and so forth. Having said that, if I receive the payment, I’ll destroy the recording immediately. If you’d like evidence, reply with “Yes!” and i’ll undoubtedly send your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by answering this message.
In this specific attack, the originators pretend to have hacked their targets’ computers and recorded videos of an intimate nature via the computer’s webcam. The blackmail trap closes on its victims by threatening to share these videos with contacts from their address book if the ransom demand (in bitcoins) isn’t paid within 24 hours.
How can I protect myself against malicious e-mails?
Apart from technical solutions and in cases where human shortcomings are exploited, the best protection is prevention:
- Use a different password for each computer, e-mail address and website.
- Use the most up-to-date version of your web browser (Firefox, Chrome etc.).
- Activate two-factor authentication for your accounts to stop spammers from getting into your accounts even if they know your password.
- Don’t trust unsolicited or unusual e-mails from known, or even unknown, senders. Scammers often hack e-mail addresses to trick the recipients of their malicious e-mails.
- Take the time to verify where the message has come from by calling the sender.
- Don’t open attachments with extensions you don’t recognise or which don’t seem to match the context in which you received them.
- Verify a suspicious URL before clicking on it by copying it into a site like virustotal.com
- You can check if your e-mail address and password have fallen victim to a known breach at haveibeenpwned.com, but be aware that your data will then be provided to the website.
Lastly, we would like to remind you that Infomaniak never asks customers to provide their login details or any other personal information in an e-mail (date of birth, address, bank details etc.). We also continually inform our clients of potential threats via the State of the services page and the Manager.
What is Infomaniak doing to combat phishing?
Infomaniak is doing everything it can to put an end to these scams on many levels:
- by contacting various hosts and registrars hosting these fraudulent sites to get them blocked;
- by updating our anti-spam filters in order to block any new versions of these e-mails so our clients don’t receive them;
- by changing our e-mail infrastructure to implement additional security barriers to protect against identity theft;
- by informing our customers via our website status.infomaniak.com, on social media and on Infomaniak’s various contact interfaces.
- by lodging a complaint with the police with a view to launching an Interpol enquiry.
Useful resources
Don’t miss all new Infomaniak features
We also suggest...
Control over data: data centres are the cornerstones of Infomaniak’s independence
Friday March 5th, 2021
Infomaniak × École 42 Lausanne: free local developer training for world-class skills
Friday January 22nd, 2021
Roadmap 2021: Infomaniak accelerates the development of its independent technology
Tuesday December 8th, 2020
Engineers, whistleblowers, ethical hackers… this is how Infomaniak protects your URL data
Monday November 9th, 2020
Encrypted email address: Infomaniak supports HIN for professionals dealing with health-related issues
Monday September 7th, 2020
kMeet, which is still free of charge, gets a makeover and now features moderation and recording
Monday September 7th, 2020
Swiss Made Software: building the technological alternative in the heart of Europe
Wednesday August 26th, 2020
One single password to manage everything: Infomaniak’s continuing its simplification process
Friday August 14th, 2020
Infomaniak 2020 Roadmap: a genuine alternative to the Big Five tech companies
Friday February 21st, 2020
9 reasons to choose Infomaniak to store your data and ensure data confidentiality
Monday February 3rd, 2020
Introducing kDrive: Switzerland’s first collaborative storage solution for SMEs and individuals
Friday December 20th, 2019
Black Friday: Infomaniak is clear – the planet is not something to haggle over
Friday November 29th, 2019
Infomaniak makes life easier for domain name owners and purchasers through bulk transfer
Monday September 23rd, 2019
Application hosting: an on-demand infrastructure to host a public service (case study)
Wednesday September 4th, 2019
How to create a Google Analytics goal for monitoring subscriptions to a newsletter
Friday August 16th, 2019
Web hosting with DIVI: free access to all WordPress themes by Elegant Themes
Thursday June 27th, 2019
Jelastic Cloud: the easy alternative to Amazon Web Services and Google Cloud Platform
Wednesday May 15th, 2019
Infomaniak makes your sites even more secure with Patchman Security Scanner
Friday February 22nd, 2019
Infomaniak launches Swiss Transfer, the Swiss high-capacity alternative to WeTransfer
Friday February 15th, 2019
Speed up the page load time of your website anywhere in the world with Fast Anycast DNS
Friday February 1st, 2019
Guest Manager: the one-stop event organisation solution is now more powerful than ever before
Friday January 18th, 2019
Swiss Backup, the Swiss backup solution for Windows, Mac, Linux, iOS and Android
Thursday November 29th, 2018
Infomaniak Sync: the Android app to sync your WorkSpace calendars and contacts
Friday November 9th, 2018
DebConf18 in Taiwan: Infomaniak contributes to Open Source at the highest level
Tuesday October 16th, 2018
WorkSpace 3: the new generation of Swiss Webmail is evolving with its users
Friday September 14th, 2018
Infomaniak launches Jelastic Cloud: the Swiss PaaS platform for developers and businesses
Tuesday September 4th, 2018
ISO 27001: Infomaniak stands out for its optimal management of information security
Friday August 3rd, 2018
Invitation management service: Infomaniak launches a tool for organising your events
Friday July 27th, 2018
Create an on-line store: e-commerce sites are becoming increasingly popular
Wednesday March 21st, 2018
How to create a VPN in Switzerland with a Synology NAS, hosted with Infomaniak
Thursday March 15th, 2018
Infomaniak integrates the European General Data Protection Regulation – GDPR
Tuesday February 6th, 2018
Is your WordPress site not yet in https format? Here is how to enable it
Wednesday November 15th, 2017
5 concrete, simple recommendations for increasing your open rate – Email Marketing
Friday April 28th, 2017
Starting 4 April, your admin console interface is going to be gradually evolving
Thursday March 30th, 2017
Transfer a domain without interrupting the operation of your emails and Internet sites
Monday March 20th, 2017
The Rolex Grand Slam organiser sends its newsletters with Infomaniak: Interview
Thursday November 24th, 2016
A specialized partner of Solar Impulse, Infomaniak is actively involved in the adventure
Tuesday June 16th, 2015
Sync your contacts and calendars (even more easily) with the Infomaniak WorkSpace
Tuesday May 5th, 2015
Install Joomla, ownCloud, phpBB, and more… in just a few clicks with Infomaniak hostings
Friday January 23rd, 2015
Rencontres du Management Durable (Sustainable Management Meetings) at the CCIG
Friday June 20th, 2014
The new “Mon Site Facile” tool: easy web site creation in just a few clicks of the mouse
Friday February 28th, 2014