Last night, we became aware of emails that were sent to a small percentage of our customers in an attempt to “phish” their login credentials for the A Small Orange customer area. This email asked our customers to log into what appeared to be a version of our customer area in order to confirm changes to a “tariff plan.” This email was not legitimate, and if you received it, you should not click the link in it.
The fraudulent Customer Area page was not hosted by ASO. It mimicked ASO’s design to trick our customers into entering their login information so that the phishers could capture those credentials. After an investigation, we have determined that the email addresses the phishers used to contact this small percentage of customers were gleaned from publicly available whois records of domains that use ASO’s shared nameservers. As far as we can tell, the entire attack was conducted using publicly available information, and no customer information was compromised unless customers clicked on the fraudulent link and provided their login details.
Once these emails were reported to us, we immediately began auditing all accesses to our systems that originated from the domain the phishing page was hosted on. During the course of this investigation, we were able to determine which customers had clicked the link and potentially provided their login credentials to the fraudulent site, based on the remote inclusion of the domain name in the access link that the phishing page had used. As a security precaution, we have reset those customers’ passwords in case their logins were compromised, and sent those customers emails with information on how to reset their passwords.
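An audit of this kind can be sketched as follows. This is an added example, not ASO's tooling or code from this notice. It assumes Apache/nginx "combined" access logs and that the phishing domain appears either in the Referer header or in a query parameter of requests to the real site; `phish.example`, the function names and the log lines are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

PHISH_DOMAIN = "phish.example"  # placeholder: the notice does not name the domain
# Apache/nginx "combined" access log format (assumed)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def host_of(value):
    """Hostname of a URL or bare host string, or '' if it cannot be parsed."""
    try:
        url = value if "//" in value else "//" + value
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def host_matches(host, domain=PHISH_DOMAIN):
    # Exact host or a subdomain; a substring test would also flag lookalike names
    return host == domain or host.endswith("." + domain)

def find_hits(lines, domain=PHISH_DOMAIN):
    """Map client IP -> [(timestamp, request target, where the domain appeared)]."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        where = None
        if host_matches(host_of(m["referer"]), domain):
            where = "referer"
        else:
            # parse_qsl percent-decodes values, so encoded URLs are caught too
            query = urlsplit(m["target"]).query
            if any(host_matches(host_of(v), domain) for _, v in parse_qsl(query)):
                where = "query"
        if where:
            hits[m["ip"]].append((m["ts"], m["target"], where))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up timestamps)
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2000:22:14:03 +0000] "GET /clientarea.php HTTP/1.1" 200 5120 "http://phish.example/clientarea.php" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:22:15:40 +0000] "GET /clientarea.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.25 - - [01/Jan/2000:22:17:09 +0000] "GET /clientarea.php?return=https%3A%2F%2Fwww.phish.example%2Fdone HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2000:22:18:51 +0000] "GET /clientarea.php HTTP/1.1" 200 5120 "https://notphish.example/" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2000:22:19:30 +0000] "GET /clientarea.php HTTP/1.1" 200 5120 "https://phish.example.other.test/" "Mozilla/5.0"',
]
```

The IPs and timestamps returned by `find_hits` would then be correlated with session or login records to identify the affected accounts.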
If you received this email, but did not click the link or provide that login information to the site, your login information and accounts should be safe and secure. We have also emailed all customers who we believe received a phishing email with general information about this incident and how to stay safe from phishing attacks in general.
If you would like to change your login information just for your own peace of mind, please follow the directions below.
Please note that these two URLs are the only two ASO URLs for logging into or changing your ASO customer area or account login. Any links that take you anywhere else to do so should always be considered suspect.
If you would like to also reset your cPanel password, you can do so by signing in to the Customer Area at https://customers.asmallorange.com/clientarea.php. From there, you would:
For more information on phishing and how to protect yourself, please visit these two great overview pages:
If you are interested in adding domain whois privacy to your domain name (and subsequently keeping your email address out of public whois records), please see this article in our knowledge base for more information.
The security of your account is one of our top priorities and we felt it was important to provide our customers with information about this incident. As always, please let our support team know if you have any questions. We are standing by and ready to assist you 24 hours a day, 7 days a week.