Panix Help System: Mail

Phishing attempts

"Phish" is the word used to describe email that tries to get recipients to compromise their accounts, identities and/or computers.

The email is designed to look like it comes from people with whom you do business-- like your ISP, or your bank. It often warns you that something unfortunate will happen to your account (e.g. that it will be closed, or that you won't have access to it) unless you do what the email tells you to do.

Typically, what the email tells you to do is to reply with sensitive information, or to click on a link, or to run an attachment.

Be very suspicious if you get mail like that, whether it pretends to be from Panix or from any other company. It's probably fake. If you think it might not be, you should check with apparent sender.

Panix does not undertake to notify our users when we see such email. Not only would the repeated messages be annoying to many people, we could not possibly be sure of sending an alert quickly enough to reach everyone. Instead, we my occasionally send general alerts including advice about these attempts and precautions to take.

The following suggestions are not exhaustive, but they should help:

•Never send _any_ sensitive information in email, no matter who seems to be asking you for it. Sensitive information includes passwords, social security numbers, credit card information, and much more.): (Panix staff will never ask you to email that information. You can enter it into our secure server at config.panix.com or you can telephone our office (+1 (212) 741-4400) during business hours (10am-6pm (NYC time) M-F) and speak to a member of our staff.)
•Be suspicious of any email warning about a problem with your account, especially if it is not signed by a specific Panix staffer or if it's a copy of mail addressed to someone else. If you have any questions about any such email, you can call us at +1 (212) 741-4400 or send email to staff@panix.com. We never sign our email with generic terms like "the panix.com team" or "the Panix staff".
•Panix never sends email attachments that we ask you to run to "fix" something or to facilitate a login. Messages that ask you to run their attachments are always an attempt to trick you into installing malicious software on your computer or to hijack your login credentials.
•Never click on links in email - even if the link looks correct on your screen, as it is easy for mail senders to place false labels on links. Instead, when visiting password-protected sites like your Panix webmail or a financial institution, use cut-and-paste to copy the link into your web browser or re-type the link yourself. Always double-check the link as it appears in your web browser's address bar before surfing to it. (Remember that you can bookmark links in your browser so that you do not have to re-type them.)
•You may want to bookmark these important Panix sites:
Secure account management server: config.panix.com
Secure webmail login page: mail.panix.com
• If you have any question about email you received that looks like it's from us, please feel free to ask us whether it's genuine. We'd much rather answer the same question many times than to have your computer become infected!

And if you're feeling ambitious and know your way around email headers:

• If you get mail that might be from us but you aren't sure, see if you can verify that it was not sent from outside Panix. If we're sending the mail directly to you at your Panix account, all the Received: headers should be Panix machines.

Feel free to pass suspicious mail purporting to be from us along to us in its original form (that is, with all headers and attachments), with a brief comment or question to provide context. That helps us take action against the sites involved in sending that mail.