“Click Here to Log In” … don’t do it!

Beware of this Bluehost Phishing e-mail (“click here to log in” … don’t do it!).

A “phishing” e-mail is one that tries to get you to reveal your login credentials to a hacker. Phishing is often how organizations get infected with viruses and ransomware. As you may know, a few days ago, 23 Texas cities were attacked by ransomware. The e-mails often look like they come from a known source.

I received this phishing attempt this morning and it was unusually good. First of all, there is no bad spelling or broken English. Second, the other day I moved a domain off of Bluehost (I don’t use them for hosting but still have some domains with them), which probably triggered something in the WHOIS database that alerted the phishers and even let them use my real name (despite having domain privacy on everything).

Third, the FROM address was legit, and the e-mail headers even originated from Bluehost’s servers. What caught my attention is that the URL included a domain that I have never owned. Also, note that the e-mail says “You have 24 hours to respond.” They often have an alarming, time-sensitive message so you will just click and not ask questions. 
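The check that exposed this message (a trusted sender, but a login link on an unrelated domain, plus a deadline) can be automated. The following is an added example, not part of the original post; the sample message, the `nonprofit.example` host and the urgency patterns are constructed placeholders, and the sender's domain is assumed to be whatever follows the `@` in the From header.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not the e-mail from the post).
SAMPLE = """\
From: Bluehost <support@bluehost.com>
To: owner@example.org
Subject: Action required on your account
Content-Type: text/html; charset="utf-8"

<p>You have 24 hours to respond.</p>
<p><a href="https://my.bluehost.com/help">Help</a></p>
<p><a href="http://nonprofit.example/login">Click here to log in</a></p>
"""

# Assumed urgency phrases; extend for your own mail flow.
URGENCY = re.compile(r"\b\d+\s+hours?\s+to\s+respond\b|\bimmediately\b|\bsuspended\b", re.I)
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review(raw):
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = ""
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    links = HREF.findall(body)
    # A valid From header and valid relay say nothing about where the links go.
    off_domain = [u for u in links if not in_domain(urlsplit(u).hostname, sender_domain)]
    return {
        "sender_domain": sender_domain,
        "off_domain_links": off_domain,
        "urgent": bool(URGENCY.search(body)),
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```
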

Out of curiosity, I first Googled then visited the address referenced (don’t do what I did!) and it looks like a legit website for a nonprofit.

I did not log in to Bluehost, but instead got into their chat. Support said that it was not legitimate, and the owner of the domain has malware on their account. So, this nonprofit got hacked, and the hacker used the nonprofit’s account to send me an e-mail from Bluehost’s servers and try to steal my login credentials.

If successful, the hacker would have had complete control over any domains on this account. They were probably trying to gain control over a hosting account from which to send more phishing e-mails and infect websites with malware or ransomware.

The Takeaway:

  1. View all domain-related e-mails with suspicion. I even get fake e-mails about my own domains saying they are about to expire, etc. If you are my client, please check with me before doing anything.
  2. Don’t click on links in e-mails that ask you to log in. Even if it’s from your bank, credit card company, a supplier who wants you to click here to pay an invoice, etc. Go to your web browser and log in directly on their site, not from an e-mail link.

My clients’ security is my #1 priority, and their sites have firewalls, redundant backups, DDoS protection, and free malware scanning and malware removal.

Very best regards,