We have recently been notified of an email phishing attack attempt claiming to be from SSLs.com. These malicious emails were sent from the email address noreply@ssls.com; however, we did not send these emails. We do not use the email address above to communicate with our customers.
If you receive any emails from noreply@ssls.com, we strongly advise that you do not open them, do not click on any links inside, and delete them immediately.
We apologize for any inconvenience this issue may have caused you. Read on to learn more about what happened, whether you should take any actions, and what SSLs.com is doing to address the issue.
What happened?
Recently, we received several complaints from users claiming they received suspicious emails from noreply@ssls.com.
We investigated the situation and confirmed that the emails were a part of a phishing attack.
The attack utilized what’s called ‘email spoofing’. Email spoofing is when an attacker uses a fake email address featuring the domain of a legitimate website. This is possible because domain verification is not a feature of Simple Mail Transfer Protocol (SMTP), the protocol email is built on.
The phishing emails asked recipients to authenticate their email address. The link inside the emails leads to a page that looks like the Webmail cPanel interface. The page requests the user to enter their email address and password. The page is hosted by ipfs[.]io, which uses the InterPlanetary File System, a decentralized file hosting system. This technology is known to be used for such attacks.
What you should do
- If you received any emails from noreply@ssls.com, please do not open them. Don’t click on any links, and delete the email. If you followed the link and entered any credentials into the phishing form, please change the password for the related services and contact customer support to inform them about the potential breach of your account.
- Treat webpages hosted by ipfs[.]io as high-risk and do not submit any sensitive information there.
- Familiarize yourself with the primary means of protection from phishing attacks.
- We encourage all site owners to enable DMARC (Domain-based Message Authentication Reporting and Conformance) for their domain names and not fall victim to spoofing attacks. You may reach out to your DNS provider for assistance with this.
Is my data safe?
If you did not click on the email and enter your details on the phishing page, then you’re safe.
There are no signs that SSLs.com’s customer data has been breached.
How we’re handling the issue
To prevent similar attacks from happening again, we will implement DMARC technology, which is a method of authenticating email messages and disallowing email spoofing. You can learn more about DMARC here. As soon as DMARC is implemented, it will no longer be possible for bad actors to impersonate SSLs.com emails. We will update this post when DMARC is enabled.
Kind regards
SSLs.com Support Team
____________________________________________
update@ : March 25, 16:40 UTC | 12:40 PM EST
Dear Customers,
We are pleased to inform you that the DMARC policy has been activated for SSLs.com.
Effective immediately, any emails originating from unauthorized servers will be directed to the spam folder. However, we understand the importance of ensuring that legitimate emails are not mistakenly flagged as unauthorized. Therefore, we will diligently monitor the situation over the coming weeks to mitigate any false positives.
Subsequently, we will adjust the DMARC configuration to enforce stricter measures, whereby emails from unauthorized servers will be outright rejected by the email client. This additional layer of protection will further safeguard our communication channels against potential threats.
While DMARC implementation significantly reduces the risk of domain spoofing, it’s essential to acknowledge that some email providers may not fully adhere to DMARC policies. Therefore, emails with spoofed domains may still manage to infiltrate your mailbox on these platforms.
For your reference, listed below are several reputable email providers known to perform DMARC checks:
- Gmail (Google Mail)
- Outlook.com (Microsoft)
- Yahoo Mail
- AOL Mail
- ProtonMail
- Zoho Mail
- FastMail
- iCloud Mail (Apple)
If your provider is not on the list, or if you are unsure about their DMARC authentication practices, we encourage you to reach out to them directly for clarification.
Kind regards,
SSLs.com Support Team