Warning: Phishing asking you to reactivate domain

Warning about phishing emails

This weekend (8 October 2023), some customers brought to our attention that they had received a new type of phishing email. The email claims that you risk losing your domain name and that you have 7 days to reactivate it. The link sends you to a login page that looks like ours on Oderland.se but has a completely different address.

This is fake and incorrect. If you have received this, you can throw it in the rubbish bin. Do not act on it.

Of course, we find it sad that there are those who spend their time trying to deceive our customers, and others, in this way. Unfortunately, it’s common on the internet and we can’t protect against everything. Being vigilant and critically analysing mailings is the best protection. You can learn more about phishing in our support section.

If you are ever in doubt, you are always welcome to contact us, by email, phone or chat to confirm whether the email you received is genuine.

Example of what the phishing email looks like

We can see below that the headline is in Danish while the rest of the text is in Swedish. This should give some warning signals. Otherwise, the email is written in pretty good Swedish, which shows that more and more phishing emails nowadays probably use machine learning to translate texts.

The mailing also lacks information that a real mailing from us would contain. The greeting is “Dear customer”. In our real mailings, we include your name, as well as information about which services the mailing concerns.

Finally, for security reasons, we ask you never to click on a link to update your data with us.

Further examples

One of the links in the email sends you to a page with an odd address in the address bar, but the content is basically a copy of our website.

Always check the address bar to make sure you are on the right page.
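The address check described above, as an added example in Python (not Oderland's own code): it decides whether a link really points at oderland.se by looking at the host the browser would connect to, not at text that merely contains the name. It assumes oderland.se, the only domain named on this page, is the sole genuine one; the sample links are constructed and use reserved `.example` hosts.

```python
from urllib.parse import urlsplit

# Assumption: only the domain named on this page counts as genuine.
LEGITIMATE_DOMAIN = "oderland.se"


def link_host(url: str) -> str:
    """Return the normalised host a browser would connect to ('' if none)."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:          # malformed URL, e.g. broken IPv6 brackets
        return ""
    host = host.rstrip(".")     # "oderland.se." is the same host
    try:
        # Internationalised look-alikes become visible as "xn--..." labels.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass
    return host.lower()


def is_genuine_link(url: str) -> bool:
    """True only for https links to the genuine domain or its subdomains."""
    if not url.strip().lower().startswith("https://"):
        return False
    host = link_host(url)
    return host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN)


def suspicious_links(urls):
    """Return the links that should not be trusted, in input order."""
    return [u for u in urls if not is_genuine_link(u)]


# Constructed sample links, as they might appear in a received email.
SAMPLE_LINKS = [
    "https://www.oderland.se/support",                   # genuine
    "https://oderland.se.account-verify.example/login",  # name used as a prefix
    "https://oderland.se@login.phish.example/",          # name in the userinfo part
    "https://oderl\u0430nd.se/",                         # Cyrillic look-alike letter
    "http://oderland.se/",                               # not encrypted
]

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_LINKS):
        print("do not trust:", link, "-> host:", link_host(link) or "(none)")
```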

Via other channels

We have also received reports that it has been sent via other channels, such as Signal. Most likely, the senders got hold of the contact information via the whois information for the domain name, or the information appeared in an external database leak (this can be checked via haveibeenpwned).

We never send links via SMS or other messaging services for payment etc. In such communication we instead ask you, in text, to log in to the customer department.