I received a seemingly legitimate email from HostGator this morning, and here are the details:
Dear Valued HostGator Customer YOUR NAME WILL BE HERE. |
This notification is generated automatically as a service to you.
We have received a request that the name servers be changed for the following domain name(s):
"your domain name will be here"
If you are monitoring this name with Domain Backorders, the above change is also displayed in the Monitoring and Backordering section of your Account Manager.
Use the link below:
Now as you can see, this email looks real enough. Even the "from" address seems to be the real HG email address. The link they direct you to appears to be a real HG link to the customer portal. It's only like that on the surface though. The link that you see is not actually the real URL address.
If you click the link they give, it will take you a site that looks EXACTLY like the HG billing support/customer portal. I damn near logged in with my user name and password. What stopped me was when I looked at the URL.
The real HG billing portal URL is this:
The URL that I landed on looked to be set up on WordPress. The page was ALMOST identical, but when I looked closer I noticed that there were differences in text style and spacing, and the "View Our Support Articles" button at the top right of the page is much smaller on the phishing site.
I took screen shots so you can compare and this will help you to make sure you don't get phished. The main thing to look for, however, is the URL that is in your address bar. I am not going to give out the actual URL, just in case it was stolen or taken over from an innocent person (the URL has a full name in it).
Here is the REAL HG customer portal:
Here is the FAKE HG customer portal:
Look at the text on the fake site.You will notice it is much thinner and spaced much more closely than the text on the real site. The real difference is in the button to the top right of the page. On the fake site, it's much smaller.
PLEASE don't fall prey to this. If you were to click over to the fake site and log in, I'm pretty sure the scammers would now have access to all of the personal information that's in your customer portal. Worse, they could use that information and pretend to be you to gain access to your hosting account and wipe you out! You should have a backup, but that's not the point. It's a big pain in the butt!