Fear and anxiety are the biggest allies spammers have. For instance, in any month when more of our customers than usual have problems with their bill, there’s also a corresponding uptick in the number of them who fall for phishing attacks. The reason seems clear: people who are worried or feeling guilty that non-payment will cause us to shut down their accounts tend to take the phishing bait more easily, which is exactly what the bad guys want.
Specifically, anxious users tend to respond far more readily to emails appearing to be from Southwest Cyberport and demanding that they log in or reply than other customers do. There’s no shame in this: these criminals are very clever, and their sneaky methods are evolving all the time. They’re constantly looking for new ways to get you to react without thinking first.
It used to be that such emails had a “Reply to:” address, but that was too easy for us to block; so nowadays they more often use a Web address that is disguised to look like ours. However, the link actually goes off to some poor hacked website somewhere, where they’ve set up a small customized password-stealing page designed to look like our webmail page or like a bank or some other standard-looking login. As soon as you enter your information, the spammers are quick to use or sell that info to other spammers to send out junk mail.
Sometimes, the only way you can tell you’ve been had is that once you log in, nothing happens.
When such a situation occurs, it is most unfortunate, as it makes the situation even worse for yourself – and everybody else, too. So, to lessen the number of such occurrences, let’s get a few facts straight:
1. SWCP never demands confidential information, instant payment of overdue accounts, or logging in to your account from a link in an email. If there are payment problems that persist, and usually over a period of months, we generally first send out several warning emails of increasing severity when payment falls behind – but there are never any links included. You will then receive a notice in the postal mail or a personal phone call. This is done if there is no response to the emails, as experience has taught us that often the contact information is wrong or outdated.
2. SWCP never cuts accounts off without trying to work things out individually with customers first. The economy’s not great right now; unexpected bills and emergencies can strike; people get sick, laid off, busy, or simply forget: these things can happen to anyone at any time, and we understand. We’re willing to work around them, give you lots of slack, and we won’t cut you off or shame you for being human. You can always call us, or make a secure payment online from our website. We will cut off accounts if lack of payment reaches really serious amounts and our efforts to reach you have been fruitless, but we will make every effort to contact you first.
3. SWCP will never contact you from any address other than swcp.com. If you notice that the email is from any other address, or if you’ve clicked on the address and gone to a webpage that is anything other than www.swcp.com – that’s not from us. Do not reply, do not click anything, just get out of there fast.
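The rule in item 3, together with the disguised links described earlier, can be checked mechanically by comparing where each link in a message really goes with what it displays. The following is an added example, not SWCP's own filtering code; the sample message is constructed and example.net is a placeholder standing in for a hacked site.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "swcp.com"  # the only domain the article says SWCP uses

def host_is_trusted(host):
    """True only for swcp.com itself or a real subdomain such as www.swcp.com."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, text, reason) for each link that does not lead to swcp.com."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        # Judge the link by the host it actually resolves to, never by its label.
        if host_is_trusted(urlsplit(href).hostname):
            continue
        # "disguised": the visible text claims swcp.com but the target is elsewhere.
        reason = "disguised" if TRUSTED_DOMAIN in text.lower() else "off-domain"
        findings.append((href, text, reason))
    return findings

# Constructed sample message body (not a real phish).
SAMPLE = (
    '<p>Your account is overdue. <a href="http://swcp.com.example.net/login">'
    'https://www.swcp.com/webmail</a></p>'
    '<p><a href="https://www.swcp.com/">Our home page</a></p>'
    '<p><a href="http://example.net/swcp.com/">Log in now</a></p>'
)
```

Calling `suspicious_links(SAMPLE)` flags the first and third links and passes the second; note that the first link's host merely begins with "swcp.com", which is why the check matches the end of the hostname rather than searching for the name anywhere in the URL.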
So what should you do instead? If you are at all uncertain if the message is from us or not, ask us – regardless of how much or little you owe. Either forward it to firstname.lastname@example.org or call Tech Support at (505) 232-7992. If you’re sure it is a phishing attack, don’t respond to it in any way, but please let us know also. In either case, you’ll be doing yourself, and the rest of us, a potentially big favor.
We watch out for phishing emails 24/7 and when spotted, quickly block them from reaching our members. But we tend not to see phishing attempts if they go to some customers and not to staff. So usually we can’t stop all of them in time no matter how hard we try.
When one gets past, we try to do the following things:
- Verify it is a phish.
- We try to stop more from coming in and see how many slipped through to customers.
- We have our mail servers search for the exact unique wording used and automatically delete messages containing it before they can be opened. However, this only works for mail still unopened on our server; if your PC/phone/tablet has already downloaded them, it is out of our control.
- We report that hacked website to Google at https://www.google.com/safebrowsing/report_phish/ so they can verify it and set up a red warning page on Google Safe Browsing-enabled platforms (including Firefox and Chrome) that warns users that it has been reported as phishing. (Note: you can report these too by filling out just a few fields.)
- We then try to add other distinguishing features from that email to our spam filters so they can learn to automatically reject any similar attempts in the future.
- And lastly, we try to contact the spamming site/domain owner to let them know they have been hacked or are helping spammers. Oftentimes, they too are naive users who have no idea they’ve been taken advantage of, but not always.
- If all else fails, we will block the email address the spam comes from, or even the website, so that even if somebody clicks the link, it won’t open. This last action is drastic and something we do not want to do, as it may prevent users from reaching even legitimate sites using that IP address range. (For one thing, it is both difficult and time-consuming to get a blacklisting cleared. We know just what a pain it is because other ISPs have occasionally blocked all SWCP-hosted websites for spam coming through one of our infected customers. Which is yet another reason we’re so pro-active about keeping you safe.) Blacklisting is also fairly futile, since access-blocking won’t prevent a large number of our customers from reaching the site for various technical reasons. And usually by the time all this is accomplished, the damage has been done and the spammers have moved on to new victims anyway.
Unfortunately, if you’ve been had, there’s only one thing you can do about it, and the quicker the better: Go to our website. Under the Support heading on the menu, go to the Members Portal, log in with your current password, and change your password. Or call Tech Support ASAP and ask them to do it for you.
Above all, don’t panic. But call or email us if you have any questions, problems, or concerns.
By acting with deliberate caution and not out of fear, you will stay safer and help all of us stay safe, too. And for this we thank you, as we are all in this together.