We’ve written articles about this before, but it’s an ongoing problem. The nature of spam emails is also changing; they’re becoming much more sophisticated. Often they’re targeted to look very similar to ‘official’ emails, but more worryingly, they often contain ‘personal’ information.

This ‘personal information’ is often used to try to convince you that the email is genuine.

Examples of ‘phishing’ and other email scams:

The ‘I caught you doing something naughty on video’ scam

We’ve seen a lot of this one recently.

The email contains a series of long paragraphs which claim to have filmed you doing something sexual or naughty, using your own webcam. The email will then threaten to release the footage on social media/the internet unless you pay them a specified amount in Bitcoins.

They usually attempt to convince you that they’re telling the truth by adding one of your passwords into the email. Frighteningly, these passwords are usually real!

So you may ask, how did they get my password? Well, the likelihood is that some website you visited in the past has been hacked at some point, and your data stolen. You can check whether this has happened to you by using the haveibeenpwned service (Google it). This will enable you to check whether your data has been stolen at any point, and from where.

But, that aside, if you do get an email of this type, just IGNORE IT. It’s an attempt to blackmail you; they really don’t have any video!

NEVER EVER reply to these emails and NEVER click on any links within them.

The ‘Your website is broken/we can help you with your website’ scam

These emails generally start with something along the lines of “I was looking at your website and I noticed a few things are broken…”

The email then goes on to describe the website’s ‘faults’, often including the following points:

  • Google publisher is missing
  • Custom 404 page is missing
  • WordPress is not installed properly in the blogs
  • Website speed

There are often more points than this, pointing out how your website could supposedly improve.

A client sent me the above email, and when I read it, I laughed out loud!
The points were laughably untrue and easy to disprove.

The action the sender wanted the client to take was to reply to their email, and enquire about having them ‘fix’ the website’s supposed ‘issues’. The client had the good sense to report it to us instead!

NEVER EVER reply to these emails and NEVER click on any links within them.

The ‘you have ‘x’ pending messages’ scam

This is a new one. Supposedly from ‘cPanel Administrator’, this made me look twice as we do use cPanel on some of our servers.

The email looked like this:

I’ve annotated the above image to show you the parts that I ALWAYS look at when deciding whether an email is genuine or not.

  1. The ‘From’ line. I’d have expected an email like this to come from my server’s domain name if it was genuine.
    Instead, it came from ‘providencetitle@providencetitle[.net]’, which to me seemed odd, and suspicious.
    I ran the domain ‘providencetitle[.net]’ through some tools and it came up as a ‘deceptive site’. No surprise there!
    It’s a site running on GoDaddy Hosting, but I can’t see who it’s registered to as GDPR now prevents us from getting that info.
  2. The ‘To’ line. I’d expect the email to come directly to me, or to my company email address. ‘Undisclosed recipients’ is suspicious, as it means it’s been sent to an unknown number of people.
  3. The big red ‘Review Message’ button.
    Doesn’t that button look inviting? A big red, attractive button, almost screaming ‘click me!’
    But I know that genuine emails from my servers do not contain buttons.
    If that wasn’t enough, I can hover my mouse over the button (just hovering, never clicking!)
    Look what appears in the status bar at the bottom… an odd link:

The link is to ‘prioritycarpetcleaningrichardson[.com]’.
I’d expect it to be a link to my server (if it was genuine). But an odd link like that? Smells very fishy to me!

You can bet that clicking that button would take you to a website, where a malicious script would run and infect your computer with a virus. NOT something you want to happen!

Once again: NEVER EVER reply to these emails and NEVER click on any links within them.
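The three checks described above (the ‘From’ line, the ‘To’ line and where the button really links to) can also be run automatically over a raw email. This is an added example, not part of the original email or any tool we use; the sample message, the function names and the domains `server.example`, `sender.example.net` and `landing.example.org` are all made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample shaped like the email described above; all domains are
# reserved example names (assumptions), not the ones from the real message.
SAMPLE = """\
From: cPanel Administrator <notice@sender.example.net>
To: undisclosed-recipients:;
Subject: You have 4 pending messages
Content-Type: text/html; charset="utf-8"

<p>You have pending messages.</p>
<a href="http://landing.example.org/review">Review Message</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real target (href) behind every link or button."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def review_email(raw, expected_domain):
    """Run the From, To and link-target checks; return a list of findings."""
    msg, findings = message_from_string(raw), []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not under(sender_domain, expected_domain):
        findings.append(f"From: {sender_domain or 'no domain'} is not {expected_domain}")
    if not [a for _, a in getaddresses(msg.get_all("To", [])) if "@" in a]:
        findings.append("To: no named recipient (undisclosed recipients)")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:
        host = urlparse(href).hostname or ""
        if not under(host, expected_domain):
            findings.append(f"Link: {host or 'unparseable target'} is not {expected_domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(review_email(SAMPLE, "server.example")))
```

A ‘From’ line that matches your server proves little on its own, because it can be forged; it is the mismatches that are the warning sign.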

There are so many of these scam emails, and new ones every day.

Remember, if in doubt, give us a shout!

How to find out if your information has been stolen:

Google ‘HaveIBeenPwned’ to use this service to check whether your data has been stolen in a data breach.