WebCubic ... where customer success is our only job

Protect yourself from fraudulent emails

Another term for this fraudulent activity is "phishing" - as in "fishing" for someone to take their bait.

Here are a few examples of the SUBJECT lines of these emails that we've recently seen. If you see them, delete these emails without opening them.

• *DETECTED* online user violation
• Email account suspension
• Important notification
• Notice of account limitation
• Security measures
• Warning message: Your services near to be closed
• You have successfully updated your password
• Your new account password is approved
• Your password has been updated
• Your account has been suspended [for security reasons]

We want to make sure that you don't become victims of these "spoof" emails. Here are a couple of things that you can do to make sure the email likely came from one of us at WebCubic.

1) most of our emails come from a single named individual - not a function. They will be addressed to single individuals - you, for example - and not to a group.

For example, you may receive email from Shig Nishio (shign@webcubic.com), but it's most unlikely that you'll receive email from a function (support@webcubic.com or sales@webcubic.com).

We do not ever expect to send email from webmaster@webcubic.com, register@webcubic.com, or info@webcubic.com. You should regard these as spoof email.

If we ever do send out a generic or group announcement, it will only be that - an announcement. No attachments. No hyperlinks. Nothing that would cause problems for you, the email recipient.

2) we include a signature block - formatted to show the sender's personal name, WebCubic's name, our address, telephone number, and email address.

3) we may provide you with information about products, services, events, or new programs. We will not ask you to verify your account information, your password, your credit card, or similar items. REPEAT, we will not ask for personal or financial information.

However, from time-to-time, we may send out renewal notices - but, as mentioned above, it will come from a highly recognizable WebCubic named source and be addressed to you. The requested action will be to call us to resolve the matter.

4) we spell check our emails, so it would be unlikely that there would be spelling errors. We are capable of making mistakes, however it's a fact - spoof emails have a higher frequency of spelling and grammer errors.

5) we do not send attachments unless specifically requested. If you receive an email that appears to come from WebCubic, but you did not request anything to be sent - do not open the attachment. Contact us first if there is any question.

As a general rule, you should be careful of any links that are included in emails. Always check the source of any link before you click on it. If you put your mouse over the link, you will see the URL in your email status bar. If it looks incorrect or suspicious, don't click it. If it contains an IP address (four groups of numbers seperated by periods as in 12.345.67.890) then be especially wary.

We have created a "message" area on your website administration page. WebCubic will publish announcements using either this web log or the message area. This will reduce our need to use email for general announcements.

You can always call WebCubic if you are unsure about any email that looks like it was sent by WebCubic.

There is more information about this at the PayPal website. Since they are hacked by these "spoofers", they've written a nice article on this problem. Look on their home page and scroll down until you see the article "Protect yourself from fraudulent emails".

posted by Shig Nishio @ 9/13/2005 09:30:00 AM