Ionos customers have been targeted by cyber criminals attempting to steal access data through phishing emails. The email suggests that the recipient must change their mail client settings to continue accessing their mailbox. This is because Ionos is currently switching from unencrypted mail access and phasing out TLS 1.0 and TLS 1.1 encryption protocols. The phishing email is structured as a last reminder, urging customers to adapt their email access to current security standards. It includes an HTML file attachment instructing recipients to activate their account by downloading the attachment and following the instructions.
However, the file does not contain configuration instructions, but instead a login form prompting customers to enter their access data. Once submitted, the form directs the customer to a real Ionos page containing information about deactivating unencrypted email access. However, the deceptive phishing domains are all active under the same IP as businessmail-ionos.net, which is owned by the offshore hoster Panamaserver.
Customers who have received such an email with an attachment are advised to delete it unseen. Anyone who has already fallen for the scam should immediately change their access data at Ionos. Customers can find information about switching off unencrypted mail access directly from Ionos. In addition, it is important to be able to recognize phishing emails and fend them off to prevent future attacks.
