How to Spot a Phishing Email

A new, well-designed phishing email has recently been aimed at cPanel users, and we want to help our users stay safe.

What is Phishing?

Phishing, by definition, is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication such as email. The most effective phishing emails make use of e-mail spoofing, where the ‘from’ address that your mail clients display seems to be valid. These emails will include a link that directs users to enter details at a fake website. Fake websites can have the same look-and-feel as the legitimate one and can fool an unsuspecting user.

How Phishing Emails Affect cPanel Users

cPanel powers more than a third of the websites on the internet, making cPanel users an obvious target. Using SPF records to defend against some of the most obvious offenders helps but doesn’t prevent all attacks. Education, reporting, and mitigation are key to reducing the effectiveness of these attacks.

What to do if you get a Phishing Email

The first step to take if you think you’ve received a phishing email is to confirm it.

  • Check the email headers of the ‘Sender’ address
  • Check the links, logos, and typos included in the email
    • Typos, misspellings, and incorrect capitalization (e.g., CPanel or Cpanel, vs. the correct cPanel) are red flags
    • URLs or names that aren’t quite right (e.g., cpanelcom.com or therealcpanel.com) are red flags
  • Report the email and the URL

What do they look like?

An example of a very well-designed phishing email is below.

Notice that the content has very few typos, but the ‘from’ address has an incorrectly capitalized ‘CPanel.’ If you were to click on the ‘Accept the new terms’ button, you would be taken to a legitimate-looking form that appeared to be a cPanel login page, but the URL didn’t have cPanel anywhere in it.

Oh, no! I put my credentials in there!

If you fell for this trick (as many have), the first step is to change the password for the impacted account. If you have used that password anywhere else, change your password there, too. Then make a plan to sign up for a password manager and start making unique passwords for each account you have.

To recap

Phishing attacks…

  • Often use spoofed email addresses in an attempt to trick the recipient into believing they are coming from a legitimate entity.
  • Will send users to a site that has a legitimate-looking design, and ask for a user’s login, password, and other personal details.
  • Should be reported to help reduce their reach.

If you spot a phishing email, report it! If you spot a phishing email that claims to be from a legitimate website or wants to direct you to a login page, report it and then send that email to: [email protected] with the full headers. That way we can help track and report it as well.

Chrome’s plan to label sites as “Not Secure”

Beginning in late July 2018, Google’s Chrome web browser will display a “Not Secure” warning to users visiting websites not using HTTPS. The HTTPS protocol utilizes an SSL certificate installed on a website that encrypts the traffic and data that passes to and from a user’s web browser and that website. Encrypting data with HTTPS is an essential component of protecting website visitors’ sensitive data such as usernames, passwords and credit card numbers. A website that uses HTTPS helps assure its visitors that it takes security seriously and gives them confidence that their data is safe.

AlpineWeb Design has been helping its clients protect their websites for two decades by providing business class web hosting plans protected by SSL Certificates. Our products and services include SSL Certificate products, PCI compliant hosting plans and security consulting to help website owners secure their websites and protect their own and their customers’ privacy and data.

If you’re an AlpineWeb Design client and would like to protect your website with SSL, order today!

If you’d like to consult with one of our security experts, call or contact us today.

Alpine Hosting Plan Refresh

In keeping with our commitment to the needs of our Web Hosting Customers, AlpineWeb has moved to increase the available Disk Space of our Alpine Hosting plans.

A high percentage of our Customers are using WordPress to run their websites. Most of these WordPress installations were installed and are managed with the Installatron Application installer. Not only does Installatron allow Customers to install a wide array of popular software applications, it also provides options for keeping software applications up to date with the latest versions.

In the case of WordPress, Installatron not only updates the core software when new versions become available, it also upgrades WordPress Plugins. An important aspect of upgrading software is to run a backup before running an upgrade in order to facilitate a restoration if something goes wrong.

LastPass – Password Management

After helping a customer reset a password for their e-commerce application recently, I told them about LastPass. Now I’d like to share the password management solution that we’ve found to be indispensable. LastPass helps you create and manage secure passwords for email, websites and more. For the AlpineWeb staff, LastPass is a solution we use and rely on every day.

LastPass saves time by requiring you to remember only one master password, keeping all the rest of your passwords secure and easy to find in your LastPass account. You can access LastPass for all of your passwords from any device, whether it’s a laptop, tablet or mobile device.

  • Autofills usernames and passwords for your favorite websites
  • Share a Password with another LastPass User without revealing the password
  • Password generator helps eliminate the use of bad passwords
  • Security Challenge helps to identify weak and duplicate passwords
  • Two factor authentication available for increased security

LastPass is available in three versions:

  • Free for one device
  • Premium – premium features on unlimited devices – $12.00/user/year
  • Enterprise – advanced features for all of your users – $24.00/user/year

Learn more about the Free, Premium and Enterprise versions of LastPass here:

https://lastpass.com/

Meltdown and Spectre

Work has begun on patching the recently released vulnerabilities known as “Meltdown” and “Spectre” (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715) on your server(s). More information on these vulnerabilities is available here: https://www.alpineweb.com/backroom/announcements/57/Meltdown-and-Spectre.html

If your server(s) are running a Linux-based operating system, they will be patched and automatically rebooted over the next 48 hours. Due to the severity of these vulnerabilities, we are unable to schedule the patching and reboot process.

In either situation, we have you covered and no action is required from you at this time.

Why Should I Update My WordPress Site?

A common question we hear is “Why do I have to update my WordPress website? It is working and looking fine – no issues.” Technology evolves quickly, and we know that it is better to stay up to date at all times. As new versions are released, each version brings refinements and patches to vulnerabilities and loopholes in the existing software. Major releases have added features that allow you to do more things, often more easily than before.
