Phishing Scams

 

Several times a year some our customers get emails that claim to come from LMi.net, but in fact are faked messages that have but one purpose: To get you to type your email password in an email or web interface. This is called “Phishing”. How these scammers obtained your email address in the first place is unclear. What is clear is what will happen if you were to provide them with your email password. Within minutes of getting your password, they will access your email account. Email messages that you have on our mail server can be downloaded, and email addresses of the people you correspond with will be harvested, and possibly used as targets for future spam campaigns. (ever wonder why you sometimes get spam from email addresses you know?) In addition, spam originating from an LMi.net mail server damages our reputation amongst other mail providers, making it more difficult to send email to the outside world.

Phishing emails will request that you either respond to the email with sensitive information (including your email password), or follow a link from the email to a site that requests you fill out a form that requests your email password. That request is usually coupled with a warning that your account could be shut down if you don’t follow their instructions. In reality, the opposite happens… when your account is used to send spam, we disable your email account until you contact us to change your password.

Phishing scams have gotten more elaborate than ever. A recent phishing email appeared to come from LMi.net, and directed users to login to “LMi.net Webmail”, which looked exactly like our real webmail interface. If you were to look at the URL in the browser, you would notice that it was not actually on the lmi.net network, but many people don’t notice this.

There is one simple, foolproof way to recognize a phishing scam: Any email that that directs you to type your email password in an email or web form is always a scam. LMi.net will NEVER send out an email asking you to provide your email password, and the same can be said for any legitimate company. In general, the only time you should ever be typing your email password is when you are logging in our webmail interface on your own direction, or configuring your email client software.

 

Further reading: https://en.wikipedia.org/wiki/Phishing