It’s phishing season, and no, we don’t mean a day on the water. Phishing is a cybercrime that snares all too many innocent people every year. We’ve seen and heard about some phishing attempts involving criminals who are using our email service provider, Rackspace, as their cover. Therefore, we thought we’d shed some light on the subject so that you are better prepared to see the hook and line before getting caught. Whether you’ve fallen victim to this cybercrime or not, continue reading to learn more about phishing and some tips for preventing an attack.

What Is Phishing?

Phishing is the fraudulent practice of sending emails under the guise of a reputable person/company to trick users into giving up their personal information. This could be information such as passwords or even credit card information.

A phishing scam will always require a click on your part. This click ultimately gives the scammer authorization to deal their damage. Think about it: if you do the clicking, your computer thinks that you have given authorization for this person to have access to your data.

When In Doubt…

If you receive an email that’s smelling a little phishy, the best thing to do is to not click on anything.

Keep in mind that these scammers can even use hidden links to get in. Meaning, they could have used a phishing link hidden behind the original link to sneak past you. Again, your computer will only see your click as you giving authorization, even if you didn’t know what you were clicking on.

Rule Of Thumb

As a general rule of thumb, make sure you know who you’re dealing with. If you don’t know or are suspicious of foul play, either ask someone or delete the email.

In some instances, the sender’s name looks to be someone that you trust, when it’s actually coming from a scammer. This is a phishing tactic called spoofing. Learn more about spoofing.

Always play it safe and verify the sender before interacting with an email. The easiest way to do this is to open the drop-down box for the sender and look at the email address itself. Oftentimes, a suspicious email will be coming from an address that does not match the sender’s name.

Another general rule of thumb is to never click on a link in an email. Instead, create a habit of typing the link directly into your browser. We know it’s easier to just copy and paste, but a little extra work in the short run will help protect you in the long run.

Note in this phishing attempt that the email address does not match its sender’s name.

[Screenshot: phishing email in which the email address does not match the sender’s name]

Reflected Cross-Site Scripting

Reflected cross-site scripting (XSS) is another technique that cybercriminals will use as part of a phishing scam. This is certainly a more advanced technique, so buckle up.

This specific XSS technique involves the criminal sending the victim a bad link that’s infected with malware. This is typically done via email or text message. But here’s the catch: the link itself is disguised as something more welcoming so that the user lets their guard down.

In using this infected link, victims unknowingly allow the perpetrator to gain access to their computer by visiting a seemingly harmless website.

The best way to prevent this kind of attack is vigilance. Specifically, be on the watch for emails from unknown senders, especially if they include an urgent call to action, so as to avoid clicking on suspicious links.

Rackspace: InsideOut’s Email Service Provider

InsideOut Solutions manages your email with Rackspace as our provider. Rackspace will never contact you. If there is ever any issue, they will contact us directly and we will reach out to you if necessary. If you ever receive an email from Rackspace that’s asking you to verify or update any information, delete it immediately.

Note here that while the sender’s name says “Rackspace Notification”, the actual email address is clearly not from Rackspace. Additionally, these phishing attempts are usually sent from a variety of email addresses and will include different messages to try to fool you into thinking that one of them is real.

[Screenshot: phishing email in which the email address does not match the sender’s name, with a different message]
[Screenshot: phishing email in which the email address does not match the sender’s name]

We’ve Got Your Back!

If you have additional questions or are suspicious of a phishing attempt, please reach out. We’re here to help.