Last night, we became aware of emails that were sent to a small percentage of our customers in an attempt to “phish” their login credentials to their A Small Orange customer area. This email asked our customers to log into what appeared to be a version of our customer area in order to confirm changes to a “tariff plan.” This email was not valid and if you received it, you should not click on it.
The fraudulent Customer Area page was not hosted by ASO itself, but instead mimicked ASO’s design in an attempt at tricking our customers into providing their login information on the mimicked page so the phishers could capture customer login credentials. After an investigation, we have determined that the email addresses that the phishers used to contact the small percentage of customers were gleaned from publicly available domain name whois records of domains that use ASO’s shared nameservers. As far as we can tell, the entire attack was conducted using publicly available information and no customer information was compromised unless customers clicked on the fraudulent link and provided their login details.
Once these emails were reported to us, we immediately began auditing all accesses to our systems that originated from the domain that the phishing page was held on. During the course of this investigation, we were able to determine which customers had clicked the link and potentially provided the fraudulent site their login credentials based on the remote inclusion of the domain name in the access link that the phishing page had used. As a security precaution, we have reset those customers’ passwords in case their logins were compromised, and sent those customers emails with information on how to reset their passwords.
If you received this email, but did not click the link or provide that login information to the site, your login information and accounts should be safe and secure. We have also emailed all customers who we believe received a phishing email with general information about this incident and how to stay safe from phishing attacks in general.
If you would like to change your login information just for your own peace of mind, please follow the directions below.
Customer Area Password Reset:
- To reset your Customer Account Login, you should follow this link: “https://customers.asmallorange.com/pwreset.php” and enter the email address associated with the account, then hit submit.
- After that, you’ll get an email called “Your login details for A Small Orange.” (If you don’t see it within 15 minutes, check your SPAM folder. It might be waiting there.) Follow the link in the email, which will allow you to type in a new password.
- After that, you should be able to go to “https://customers.asmallorange.com/clientarea.php” and login with your new password.
Please note that these two URLs are the only two ASO for logging into or changing your ASO customer area or account login. Any links that take you anywhere else to do so should always be considered suspect.
cPanel Account Password Reset:
If you would like to also reset your cPanel password, you can do so by signing in to the Customer Area at https://customers.asmallorange.com/clientarea.php. From there, you would:
- Look under “Your Services” section click on “Your Services”
- To the right of your hosting package click on “View Details”
- The second tab is where you can “Change Password” and also shows your username
How to detect a fraudulent email message claiming to be from ASO:
- Any E-mail coming from A Small Orange will come from an email address ending in “@asmallorange.com”, although you should not trust the “From” address, since attackers can spoof this address.
- Any email coming from A Small Orange will not have email addresses associated with private companies such as Yahoo, Hotmail, Gmail, etc.
- Look for poor word choice, phrasing, spelling, or extra words that are not needed in the text.
- Links to A Small Orange customer area websites will always begin with https://customers.asmallorange.com/ . For example, you should not trust a link that looks like this: http://customers.asmallorange.com.liyfouyfiuuf.wildflowerxudej.com/. If you are suspicious of a link in an email, use your mouse to “hover over” the link to see the web address and make sure it is sending you to the location it claims it is.
- A Small Orange Customer login areas will always be secured by SSL, and always begin with https://
For more information on phishing and how to protect yourself, please visit these two great overview pages:
If you are interested in adding domain whois privacy to your domain name (and subsequently keeping your email address out of public whois records), please see this article in our knowledge base for more information.
The security of your account is one of our top priorities and we felt it was important to provide our customers with information about this incident. As always, please let our support team know if you have any questions. We are standing by and ready to assist you 24 hours a day, 7 days a week.