Fake Combell emails
It came to our attention that fake emails were being sent out in our name (on 18/02 and 19/02) to some of our customers. In this email recipients were prompted to log on to My Combell, our control panel. In reality this was a fake version of our control panel and the login details were sent off to individuals who undoubtably had bad intentions with it.
Because we value the security of our customers and their data, we would like to inform you further about this incident via this page.
What exactly happened?
- We've gotten word from several customers that they received an email supposedly from Combell, informing them of irregular behaviour on their account
- These emails were not sent by Combell but by a third party who used our logo and name to draft a so called "phishing mail"
- These emails were sent to random email addresses (info@, webmaster@, david@, tom@, ...) of domain names that are registered by Combell
- The email prompted users to click on a link and log on to My Combell with their customer details, to verify their identify
- In reality, the visitor was redirected to a fake version of our website, which also was not hosted by Combell
- When a user would log on to this fake website using his customer credentials, these credentials would most likely be sent off to a malicious person or organization. The details could then be used to illegally log on to a My Combell account and alter or delete services and products, place fake orders, ...
Wat do you need to do when you left behind your login details?
- If you have received this email, clicked on the link and logged on with your credentials on this fake page, you need to take action immediately
- You need to reset the password of the My Combell account which you used to log on. You can do this via https://my.combell.com/en/password.
- With this customer number and new password you can then log on again to My Combell
- We strongly advise you to reset all the passwords of your My Combell users, and also all passwords of all products that you have with us (webhosting, FTP users, the passwords or your mailboxes, ...)
- We also strongly advise you to report this incident to firstname.lastname@example.org. An engineer will inspect your account and might give you more tips and advice to securing your data even more
- If you see it fit, you can also file an official complaint at your local police station
What did Combell do to mitigate?
- After we have seen these fake emails (on 18/02 and 19/02) and complaints from our customers, we have responded immediately. This was around 7:30AM.
- We have contacted the company that was used to host the fake website. After deliberation the website was taken offline at about 8:20AM. From this point on, it was no longer possible for customers to leave behind their customer details on this fake website.
- Our spam filters were patched at around 8AM to block any new fake emails.
- Combell is preparing a case to hand over to the authorities. We have internal procedures regarding security to handle these cases, in line with our ISO certification.
- Combell has requested further information at the hoster of the fake website to possibly identify customers that might have been affected or that were misled
What should you take into account in the future?
- Combell will never send you an email requesting you to log on with your customer details, unless this was triggered by you (for example for a password reset)
- All Combell websites start with "https://" and contain our official domain name "combell.com". Often, you'll also see the name "COMBELL NV" in the address bar, and the color of the address might also be green.
- If you're unsure, don't hesitate to contact us. We know exactly which emails we have sent to you so we can quickly identify fake emails.
If you need further information on these fake emails, or if you think you are a victim of this, please contact us as soon as possible.
Example of fake emails: