Wave of fake emails impersonating web service provider OVH detected

In recent hours, numerous fake emails have been detected, in which attackers impersonate the web service provider OVH. These emails claim a supposed failure in the automatic renewal of a domain and indicate that the user must manually renew it or the domain will be suspended. The body of the message contains a link that supposedly takes the user to the OVH client area, where they could fix the renewal issue by entering payment information to proceed with the manual renewal of the domain. They also warn that if the payment is not made within the next 3 days, the domain will be lost.

The attackers’ goal is to trick the user into clicking the link for the supposed manual renewal, driven by fear of losing their domain. Clicking the link would take the user to a fake page simulating OVH’s legitimate site, where they would be asked for their credit card information. These details will not be used to renew the domain, but rather to steal money from the card.

As in previous alerts, SOFT LINE recommends not following links in suspicious emails, nor opening attachments in such emails. It is advisable to always access the official website of the entity that supposedly sent the email, rather than using the link provided. You can also call the legitimate entity by phone if you have doubts about the received email.

And remember to always keep your antivirus operational and up to date, as well as maintaining a good backup system out of reach of malicious attacks.