Unfortunately, even though there are a lot of bright minds trying to resolve issues like this, Criminals and Hacking Groups continue to easily forge emails to look like they are coming from Financial Institutions, Government Agencies, Tech giants like Microsoft, Amazon, EBay, Netflix, and even your own Email Service. These emails can look very real and usually reference problems or issues with your account that urgently needs resolved.
DO NOT Get Tricked! They are after your login credentials!
- DO NOT Open the actual email or even allow remote Content or IMAGES to be displayed without your permission. Opening an email with remote content or images will signal the Criminals and Hacker Groups that they have an active email which will then be sold over and over on the Dark Web to other criminals and hacking groups. Remote images can be as small as 1 pixel that is nearly impossible to see.
Best Practice: Make sure your email program is configured to BLOCK Remote Content (usually located within your Security and Privacy options of your email program).
- DO NOT UNSUBSCRIBE or Reply Back to suspicious emails. Again this signals the Criminals and Hacker Groups that they have an active email which will then be sold over and over on the Dark Web to other criminals and hacking groups.
Best Practice: Simply DELETE these emails.
- DO NOT CLICK ANY LOGIN LINKS. Clicking a link will normally open an innocent looking webpage that will either ask for your login credentials OR embed your device with their malware. Pay very close attention to where links are trying to direct you to. For example "www.paypal.example.com" is not "PayPal"... you would be directed to a phishing page at "Example.com".
Best Practice: Simply DELETE these emails and Manually Log In to any website in question as you normally would to research any claimed issues.
- DO NOT OPEN or CLICK any Attached Files that you were not expecting. Attached files that may look like normal Word, Excel, PDF and other innocent file types can contain hidden and disastrous malware and ransomware.
- DO NOT USE the SAME Password for Multiple Sites. Passwords have become a real pain but whenever a site has a data breach, emails and passwords are immediately sold across the dark web where criminals will use computers to test every site possible in search for more to credentials to steal.
Best Practice: Use a different password on every site and start using "2 Factor Authentication" wherever possible. You can find how to configure "2 Factor Authentication" for our email services here: https://doglegs.com/webmail-tips
The only true solution is to Go To your website in question as you normally would in order to login and research any problems or issues. (DO NOT Click on links within forged emails)