Online scammers are currently luring customers of the hosting provider Host Europe. The company itself is issuing a warning about this, but the Lower Saxony Criminal Police Office also feels compelled to warn the public.
Advertisement
In a recent statement on the polizei-praevention.de portalthe State Criminal Police Office of Lower Saxony explains that the phishing emails look very similar to the original emails sent by Host Europe. Anyone who does not look closely will not recognize the fake at first glance and may fall into the trap.
Genuine data to inspire confidence
The fraudulent emails contain genuine data, explains the LKA Lower Saxony. It is unclear where this comes from. In the emails viewed by heise online, the domain names to which the emails were addressed were correct; in particular, an info@ collective address should also be available for every domain that adheres to the RFCs that define the basis of the Internet.
Numerous fraudulent e-mails are reaching the owners of genuine Host Europe domains.
(Image: heise online / bsc)
What all phishing emails have in common is that they have the same alleged invoice number; 33250304. The subject line is “Urgent payment reminder – invoice 44250304”. The address is not personal, but mentions the e-mail address.
The address is impersonal, but the domain is listed correctly, although the address is usually the info@ of the domain.
(Image: heise online / bsc)
Although the sender address has “Host Europe – Invoice – NoReply” as the display name, it refers to cryptic domains not associated with Host Europe. This also makes it possible to recognize the forgeries.
The link displayed leads to a phishing page that is not located on the address shown in the email, but on random domains that also have nothing to do with Host Europe. A small Host Europe logo is displayed above a form requesting credit card details. According to the LKA Lower Saxony, after entering the data, a message “3D secure loading of transactions” appears, but nothing else happens. This is either a mistake on the part of the perpetrators, or they are content with complete card details. It is not possible to predict whether the rather small and inconspicuous amount of just under 13 euros will be debited later or whether the data will be misused for online purchases.
Host Europe also warns against these phishing emails on the company’s website. Customers are asked to stop sending these emails, as there are already enough examples. The LKA Lower Saxony and Host Europe both warn that recipients should not follow the links contained in such phishing emails.
Hosting providers are repeatedly the focus of cyber criminals. In the middle of last year, fraudsters tried to rip off Ionos customers with phishing emails. The bait was a call for customers to change their mail client settings immediately in order to continue accessing their mailboxes. The current scam was particularly perfidious, as the outdated TLS 1.0 and 1.1 encryption protocols were deactivated by Ionos at the time and configuration adjustments may actually have been necessary.
(dmk)