Phishing Emails Targeting StartMail Customers on the Rise: Here’s What to Watch Out For
At StartMail, we prioritize the security of our users. Unfortunately, as our user base continues to grow, so does the number of phishing emails targeting our customers. While we strive to block any suspicious activity and promptly respond to user reports, cybercriminals are still able to produce convincing emails that appear to be from StartMail. We want to remind our users to remain vigilant when it comes to opening emails and clicking on links, particularly those claiming to be from StartMail.
To assist with this, we've compiled helpful tips and advice in this article on how to protect yourself from phishing attacks. You can also look for our Official Badge in all genuine StartMail emails as a way to verify their authenticity. Read on to learn more about phishing and how to stay safe online.
Recognizing a phishing email
Phishing emails usually have some common characteristics:
- An urgent call-to-action, such as a time-sensitive request to change your password or update your account information.
- Asking for personal information or login credentials such as usernames, passwords, or credit card numbers.
- Some phishing emails will have links embedded in them, so you should be sure to check the link before clicking on it, as it may lead you to a fake login page.
These are some recent examples of phishing emails our customers have received:
For more information on how to identify a phishing email and protect your account from being hacked, check out these StartMail articles:
- Quick Guide to Phishing: https://www.startmail.com/quick-guide-to-phishing/
- 4 Steps to Prevent Your Email From Getting Hacked: https://www.startmail.com/steps-to-prevent-email-hack/
- 6 Common Types of Email Scams to Watch For: https://www.startmail.com/6-common-types-of-email-scams/
By learning more about phishing scams and knowing what to look for, you can protect yourself from these malicious attacks.
What to do if you receive a phishing email
If you receive an email asking for personal information or passwords, do not click on any links included in the email. Here’s an overview of what we do and do not do in our official customer communication:
StartMail will never:
- Ask you to update your password or 2FA code. StartMail passwords do not expire and we will never send a link asking you to change your password unless you initiate a password reset yourself. Similarly, we will never ask you to update your two-factor authentication (2FA) code.
- Cancel a subscription within 24 hours if a subscription is active and paid. If there’s a problem with your payment or your subscription is about to expire, we will show a notification banner in your StartMail webmail environment.
- Ask you to enter any personal information or login credentials on any other page than mail.startmail.com.
It's important to be aware that the visual appearance of a link may not always match the actual destination URL. Therefore, we recommend taking extra precautions before clicking on any links. To verify where a link will take you, hover your cursor over it to reveal the underlying URL. You can usually find this information in the lower left corner of your browser. Always double-check the URL before clicking on any links, especially if you don't recognize the sender or the website.
StartMail may ask you to:
- Update your payment method if we do not have a valid payment method on file. We recommend always updating your payment method in the subscription settings of your account (Settings - Subscription - Manage subscription - Payment methods).
- Provide feedback on products or services or extend invitations to take part in anonymous surveys. Periodically, we may send emails about company or feature updates, as well as tutorials on how to use certain features. Be assured, none of these will ask for your personal information, such as login credentials or credit card details.
We want our customers to feel secure when using StartMail. If you have any questions or concerns, don't hesitate to contact our support team at email@example.com immediately and do not click on any links included in the email. Remember that the only URL to use to log in to a StartMail account is mail.startmail.com.
Introducing our Official Badge
Additionally, we have launched labelling for our official emails to safeguard your data from malicious actors. Our ‘Official Badge’ appears next to all emails sent by our company, giving you an easy and reliable way to verify the authenticity of emails you receive from StartMail.
Here is what it looks like:
Please note that the Official Badge will only be visible in our webmail environment. If you’re using an IMAP connection to send and receive your StartMail emails, we advise you to log in to your webmail to ensure the legitimacy of any emails.
If you receive an email from StartMail that does not have this badge, please do not open it or click on any links. Instead, report it to us immediately and delete it from your inbox. We hope this new feature will help you stay safe and secure online.
Secure Your Account with Two-Factor Authentication
One of the most effective ways to protect yourself against phishing attacks is to enable Two-Factor Authentication (2FA) with an authenticator app on your mobile device for an additional layer of security. That way, even if someone gets hold of your password, they won't be able to access your account without a one-time code sent to your phone.
Protect yourself today!
Even the most vigilant among us can sometimes click on a suspicious link before we realize what we're doing. If that happens, don't panic! One thing you can do is to change your StartMail account password right away. This will prevent any unauthorized access to your account and help protect your sensitive information.
Remember, if you ever suspect that your account has been compromised, be sure to contact the StartMail support team at firstname.lastname@example.org immediately for assistance.