Security

How to protect yourself from email interception fraud

Mail interception fraud is when criminals steal information such as email usernames and passwords, allowing them to hack personal or business email accounts.

They monitor incoming mail and intercept emails containing private information, such as invoices with banking details or account information. The fraudsters then respond to these emails as if they are ‘the business’, using fake banking details and defrauding individuals and companies out of large sums of money.

How fraudsters intercept mail

1. Fraudsters obtain the email passwords of mail accounts through phishing and spoofing scams.

Email phishing and spoofing. To know more about Email phishing and spoofing scams, please read our Help Centre article for assistance.

2. They then log in via webmail and create malicious forwarders and filters in an attempt to intercept sensitive emails, specifically ones related to financial information such as invoices, payment requests and exchanges of banking details.

Log in via Webmail. If you would like to know How to access Webmail, please read our Help Centre article for assistance.

3. Fraudsters then monitor these mailboxes until the perfect opportunity arises. For example: A buyer sends an email requesting banking details from a seller.

4. The fraudsters then intercept these emails and hide them from you before you can see them. They do this by creating a filter that sends all your incoming email from that address to your trash folder.

5. The fraudsters will then reply to the intercepted email with the banking details changed. They may use your compromised email account, or they may use another domain and simply set the sender's address to your email address (this is known as spoofing) to make it look like the mail came from your email account.

6. The unaware buyer will then make the payment and transfer the money into the fake bank account from the details received.

How to minimise the risk

  • Use different passwords for all the other email accounts pertaining to your domain.
  • Reset and have new passwords for all email accounts pertaining to your domain.
  • Run security scans on any personal computers/devices with access to the email accounts.
  • Use an SSL certificate in your email client settings.

What is an SSL certificate? If you would like to know more about Understanding SSL certificates, please read our Help Centre article for assistance.

  • Look at alternative methods to supply invoices, such as online invoicing services.
  • Periodically monitor filters and forwarders in the control panel. This includes filters on each individual email account as well as global filters.
  • Regularly update your password.
  • Use complex, secure passwords.

How to create a strong password. It is important to create a strong and secure password or passphrase. A password should be a minimum of 10 characters. Include uppercase, lowercase, numbers and use at least one special character (e.g.: =~_ {} @^&>*) in the password.
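The advice above to periodically monitor filters and forwarders can be turned into a repeatable check. The following is an added example, not part of the original article or Afrihost's tooling: it flags rules that hide mail or send copies outside your domain, which is the pattern described in steps 2 to 4. The rule layout, field names and sample addresses are assumptions made for illustration and are not cPanel's own format.

```python
# Added example: flag mailbox filters and forwarders that match the
# interception pattern described in this article. The rule layout is an
# assumption for illustration, not cPanel's own export format.
FINANCE_TERMS = ("invoice", "payment", "bank")
HIDING_ACTIONS = {"discard", "move_to_trash"}
FORWARD_ACTIONS = {"forward", "redirect"}


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rules(rules, own_domains):
    """Return (rule name, reasons) for every rule that needs a manual review."""
    own = {d.lower() for d in own_domains}
    findings = []
    for rule in rules:
        reasons = []
        action = rule["action"]
        dest = rule.get("destination", "")
        match = rule.get("match", "").lower()
        if action in HIDING_ACTIONS:
            reasons.append("hides matching mail from the inbox")
        if action in FORWARD_ACTIONS and domain_of(dest) not in own:
            reasons.append("sends copies outside your domain: " + dest)
        # Financial keywords only raise the priority of an already odd rule.
        if reasons and any(term in match for term in FINANCE_TERMS):
            reasons.append("targets financial mail: " + match)
        if reasons:
            findings.append((rule["name"], reasons))
    return findings


# Constructed sample rules, as they might be transcribed from a control panel.
SAMPLE_RULES = [
    {"name": "newsletters", "match": "subject contains weekly digest",
     "action": "move_to_folder", "destination": "Newsletters"},
    {"name": "cleanup", "match": "from equals buyer@customer.example",
     "action": "move_to_trash"},
    {"name": "backup", "match": "subject contains invoice",
     "action": "forward", "destination": "archive@mailbox.example"},
    {"name": "accounts", "match": "subject contains payment",
     "action": "forward", "destination": "accounts@mydomain.example"},
]

if __name__ == "__main__":
    for name, reasons in audit_rules(SAMPLE_RULES, ["mydomain.example"]):
        print(name + ": " + "; ".join(reasons))
```

Any rule this flags that you do not remember creating should be removed and the account password changed.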

Received a security notice from Afrihost?

If the Afrihost security system and team notice any suspicious or fraudulent activity on your domain email account, you will be notified.

Afrihost may have picked up that fraudsters have:

  • Accessed your email account/s.
  • Obtained the password of your email account and used webmail to access the account and create filters that intercept all or specific emails, according to the filter rules they have created.

View your email filters. If you would like to know How to manage email filters in cPanel, please read our Help Centre article for assistance.

To protect your account, Afrihost have taken steps to remove or limit the threat. To continue using your email account, you are required to log in to cPanel via ClientZone/cPanel and set a new complex password for the email account that has been compromised and locked.

Log into cPanel. If you would like to know How to log into cPanel, please read our Help Centre article for assistance.

If you notice any suspicious activity on your domain account, please notify our security team immediately so the threat can be investigated and removed.
