I received an interesting email earlier today from the PinoyBlogosphere mailing list. It was from a blogger named Louie and it was about an email he supposedly received from his hosting provider BlueHost asking him to update his account to avoid suspension. As soon as I saw the subject of the email, I knew it was something phishy. Here’s the email:
Dear Customer,
During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information.
Please update and verify your information by clicking the link below:
http://www.bluehost.com/
If your account information is not updated within 48 hours then your ability to access your account will become restricted.
© 2003-2009 BlueHost.Com. All Rights Reserved
Designated trademarks and brands are the property of their respective owners.
When I hovered my mouse of the link http://www.bluehost.com, the URL it was pointing to was not Bluehost’s URL but instead a domain with a ru extension – http://www.uralitel.ru//img/bluehost.htm. My suspicions were correct, this was a phishing email trying to get BlueHost customers to login to this phishing site and provide their login details. Phishers usually use scare tactics to trick potential victims. In this particular email, they try to scare the user with the subject line “Update Your Account To Avoid Suspension”.
Below are screenshots of the original Bluehost website and the bogus phishing site.
BlueHost website
Phishing website
The phishing site seems to have some issues with the images but as you can see, it was designed to look exactly the same as the real BlueHost website to fool potential victims and make them think they’re really logging in to BlueHost.
If you’re currently a BlueHost customer, be careful of this certain email. I’m sure Louie is not the only BlueHost client who received or will be receiving this email. Phishing emails are very common nowadays and I receive a lot of them supposedly from PayPal, Amazon, eBay, etc and turn out to be a phishing email.
As a safe practice, in case you receive an email from your hosting provider or any site that asks you to update your account details or login via a link on the email, DO NOT click on the URL/link provided in the email. Instead, open your browser and type in the URL yourself and login from there. Its always good to practice safe computing and always better to be safe than sorry. Btw, in case you accidentally logged in to the phishing site with your account details, inform the legit site about it and if possible, ask them to change all your account details, especially the username and password to avoid your account being compromised.
I’m blogging about this to spread awareness regarding this type of phishing emails and so that BlueHost clients and other hosting provider’s clients would be more careful when dealing with these types of emails.
Anyone who’s on BlueHost and have received this email recently? Were you able to detect that it was a phishing email?
[image credit: Stephanie Creelman]
i also recieved this mail and i logged in.what should i do know i am worried
@loy – $8 for a year’s hosting? I would have done the same thing too. That’s too good an offer to pass up. :D
Yes, I paid only $8 for the entire year. I was lucky enough to be one of those offered the promotion. During that time I didn’t have any money, but they were kind enough to wait for it. It was just too good to be passed up. :-)
@loy – 90% discount? wow, that’s a very good deal you got there. :D
It costs $80 a year, but I got a 90% discount… hehe… :lol:
@loy – Oh I see. If its from your brother it should have been free. Hehe just kidding. Anyways, how much do the hosting packages cost at WPWebhost.com?
Actually, I bought a hosting plan and domain name from my brother, so I don’t know the name of the company..hehe… That was before I discovered other web hosting plans with bigger space and bandwidth. I’m planning to transfer my site to WPWebHost.com after my brother changes the DNS info.
@loy – I see. So who’s your current hosting provider? If you don’t mind me asking.
Yup, I used to be a Hostgator customer, but I stopped because it has become way too expensive for me… :lol:
@jhay – That’s true. Unfortunately, not all users are aware of that and aren’t savvy enough to distinguish a phishing email. It’s good to increase awareness about scams and phishing emails so more people would be aware of them and be more careful.
@loy – Hehe..I didn’t plan to blog about this, it just so happened that I read this email from the PBS mailing list and it involves BlueHost. So you’re hosting provider is HostGator? Have you received any phishing emails pretending to be from HostGator?
Bout the cartoons, I just do a Google search for images that are related to what I’m blogging about and choose the ones that I like or are appropriate for the topic.
The .ru domain is a dead giveaway. Then again most are not aware of what phishing attacks are, it’s good to blog about this.
Would have been more effective if it’s about Hostgator…hehe… By the way Jaypee, where did you get those cool cartoon pictures?
@Jehzeel – I’m not sure I get it but what do you mean you updated? You updated your hosting account? Anyways, you’re welcome! ;)
nag update ako kahit wala akong account sa kanila :D astig! haha :D thanks for sharing about this :)