Frequent Questions: Phishing Emails

What is a phishing attack?

“Phishing” is the attempt to obtain personal information from a person by impersonating someone that person already knows or works with. For example, it is common for domain name owners to receive phishing emails claiming to be from their registrar. The attacker copies the logo and layout of the company’s legitimate mail, but instead of linking to your account the message links to a completely different page built to look like your registrar’s login page. When you try to log in or make a payment on that page, the attacker captures your credentials or payment details and uses them for malicious purposes.

Often the attacker tries to create a sense of urgency, for example with a warning that your domain will expire in the next 24 hours. Urgency pushes people to act before they have fully considered the risks. It is always worth taking the extra minute or two to log in to your account directly, by typing Gandi.net in your browser, whenever you receive a suspicious email.

How can I tell if an email is from Gandi or a phishing attempt?

The best way to check whether an email is truly from Gandi is to log into your account by typing Gandi.net in your address bar, then verify whether the information in the email is correct. For example, if you received a prompt to renew a domain, type Gandi.net in your browser’s address bar, log in, then go to the Domains section to see which domains, if any, need to be renewed.

Some actions, such as an email verification, will require you to click a link in your email. In these cases, only click the link if you submitted a new order or other request within the past few hours, and check where the link actually leads (most mail clients show the real destination when you hover over a link) before you click it. If you are not sure whether the link is the result of an action on your part, you can log in at Gandi.net and check whether you have any pending orders or requests in your account. If needed, you can also request that these emails be resent from the admin section of your account.

By typing Gandi.net into the address bar of your browser and logging in from there, you can perform any renewals or other business with the assurance that you are truly interacting with Gandi.

What should I do if I receive a phishing email?

The best response to a phishing email is no response. Never click a link in a phishing email: even if you enter no personal information afterwards, the click alone tells the attacker that your email address is valid and actively read. Once you have identified an email as a phishing attempt, you can delete it and forget about it. You do not need to take any further action, and you do not need to forward a copy of the email to our customer support.

If you use a service such as Signal Spam, you may be able to report the email as a phishing attempt from inside your mail client. Signal Spam and similar services use those reports to warn their other users about the same emails.

What should I do if I provided information to a phishing attack by accident?

If you followed a link in a phishing email and logged in on the page using your Gandi login and password, you should immediately change your password. You can read about how to do that here. We also recommend activating two-factor authentication on your account.

Attackers also commonly try the same email and password combination on other sites (a technique known as credential stuffing), so if you used the same password for other websites you should change your password there as well. This is why security experts recommend using a different password for every website.

If you followed a link in a phishing email and attempted to make a payment with your personal payment information, such as a credit card, you should contact the bank that manages the affected card or account right away. They will be able to help you take the necessary steps to protect you from fraudulent charges.

How did they get my email address?

Because domain names have publicly listed contact information, owners of domain names are a popular target for phishing attacks. Even if you do not have an email address listed publicly, it can be easy to guess email addresses that might exist at a domain name. For example, many website owners have an email address such as “contact@example.com.” Receiving a phishing email is not in itself a sign that your personal information has been breached.

What is the difference between phishing and spoofing?

Spoofing refers to the practice of putting a fake address in the “From” header of an email. Attackers may use this technique to send emails pretending to be you, for example. A phishing attempt may or may not use a spoofed “From” address. Read more about spoofing here.
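For readers who want to check a suspicious message by hand rather than by eye, the following script is an added example (it is not Gandi’s code and not part of this FAQ’s original text). It applies the two checks described above, in “How can I tell if an email is from Gandi or a phishing attempt?” and in this section on spoofing, to a raw email: it compares the “From” address with the envelope sender and with the SPF/DKIM verdicts that your receiving mail server recorded, and it flags links whose real destination is not under the expected domain or differs from the domain shown in the link text. The expected domain gandi.net, the two sample messages and all headers in them are assumptions constructed for the example and do not reflect Gandi’s real mail infrastructure.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: mail we trust comes from gandi.net or a subdomain of it.
EXPECTED_DOMAIN = "gandi.net"


def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.
    'gandi.net.account-renewals.example' and 'gandi-net.example' both fail."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def _domain_of(header_value):
    """Domain of an address header such as 'Gandi <noreply@gandi.net>'."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html, expected=EXPECTED_DOMAIN):
    """Flag anchors whose destination is not under `expected`, and anchors whose
    visible text names a domain other than the one the href really goes to."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not host_belongs_to(host, expected):
            findings.append(f"link to {host!r} ({text!r}) is not under {expected}")
        shown = re.search(r"(?i)\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b", text)
        if shown and not host_belongs_to(host, shown.group(1).lower()):
            findings.append(f"text shows {shown.group(1)!r} but href goes to {host!r}")
    return findings


def check_headers(msg, expected=EXPECTED_DOMAIN):
    """Compare From against the envelope sender (Return-Path) and against the
    SPF/DKIM results the receiving server wrote into Authentication-Results."""
    findings = []
    from_domain = _domain_of(msg.get("From"))
    if not host_belongs_to(from_domain, expected):
        findings.append(f"From domain {from_domain!r} is not under {expected}")
    bounce = _domain_of(msg.get("Return-Path"))
    if bounce and bounce != from_domain:
        findings.append(f"Return-Path {bounce!r} does not match From {from_domain!r}")
    auth = msg.get("Authentication-Results", "")
    for method, key in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        m = re.search(rf"{method}=(\w+)\s+{re.escape(key)}=([^;\s]+)", auth)
        if not m:
            findings.append(f"no {method} result recorded by the receiving server")
            continue
        verdict, domain = m.group(1).lower(), m.group(2).rpartition("@")[2].lower()
        if verdict != "pass" or not host_belongs_to(domain, from_domain):
            findings.append(f"{method}={verdict} for {domain!r}, which does not vouch for {from_domain!r}")
    return findings


def analyze(raw_message, expected=EXPECTED_DOMAIN):
    """Return every finding for a raw message; an empty list means nothing looked odd."""
    msg = message_from_string(raw_message)
    findings = check_headers(msg, expected)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = (part.get_payload(decode=True) or b"").decode(part.get_content_charset() or "utf-8", "replace")
            findings += check_links(body, expected)
    return findings


# Both messages below are constructed for this example; they are not real Gandi mail.
PHISHING_SAMPLE = """\
Return-Path: <bounce@mail-delivery.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@mail-delivery.example; dkim=pass header.d=mail-delivery.example
From: Gandi Support <support@gandi.net>
To: owner@example.com
Subject: Your domain expires in 24 hours
Content-Type: text/html

<html><body><p>Your domain will expire in 24 hours.</p>
<p><a href="https://gandi.net.account-renewals.example/login">Log in to Gandi.net</a> to renew.</p>
</body></html>
"""

LEGITIMATE_SAMPLE = """\
Return-Path: <noreply@gandi.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=noreply@gandi.net; dkim=pass header.d=gandi.net
From: Gandi <noreply@gandi.net>
To: owner@example.com
Subject: Domain renewal reminder
Content-Type: text/html

<html><body><p><a href="https://www.gandi.net/">Log in to Gandi.net</a> to renew.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(name, analyze(raw) or ["no findings"])
```

Two caveats when reading the output. The Authentication-Results header is added by your own receiving mail server, and a sender can include a forged one, so only trust the copy whose first token (the server name, mx.example.net in the samples) belongs to your mail provider. A Return-Path on a different domain is by itself a weak signal, since many legitimate senders use a separate bounce domain; the link and DKIM checks carry more weight, and none of them replaces the simplest check of all, typing Gandi.net into your browser and logging in there.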

Is there anything I can do to protect myself from future phishing attacks?

These are some actions you can take to protect yourself from future phishing attacks:

  1. Don’t click on links in an email unless you have specifically requested a link to be sent.
  2. Ensure you are interacting directly with Gandi by typing gandi.net into your browser and logging into your account directly.
  3. Avoid using the same password on multiple websites.
  4. Download an anti-spam service like Signal Spam, which is a free service which helps identify spam and phishing attempts. It will display a warning when you open an email containing known phishing links. Signal Spam works with a variety of browsers and email clients.
  5. Enable two-factor authentication on your account.
  6. Avoid creating generic, easy-to-guess email addresses (such as contact@example.com, admin@example.com, info@example.com, etc.).

The best defense against phishing attacks is a healthy amount of skepticism about all the emails you receive. Be aware that malicious people can and will try to fool you into providing your personal information, and do not provide that information until you are satisfied that the sender is who they say they are.