Recent phishing attempts and how to avoid them

Recent phishing attempts and how to avoid them

Share this article

At WHC, ensuring the safety and success of our clients online is paramount. We're addressing a recent security issue that could potentially impact you.

What’s the issue?

We've been made aware of phishing attempts targeting our customers through emails masquerading as official communication from WHC. As an example, some clients have reported receiving "Auto Renewal Failure" notifications from email addresses claiming to be affiliated with us. These emails are not from WHC, and we urge you to exercise caution. These messages aim to trick individuals into providing sensitive information, such as login credentials, by redirecting them to a fake website that looks very similar to ours.

Identifying phishing emails

Phishing email example
Phishing emails often create a sense of urgency or fear, prompting immediate action. The goal is to trick recipients into providing sensitive information or clicking on malicious links. Here are a few red flags to watch for:

  • Suspicious links: Hover over any links in the email (without clicking!) to see if the URL directs you to our official website.
  • Unfamiliar sender: The email comes from an address that doesn't match our official domain (
  • Requests for personal information: We will never ask for your password or sensitive account information via email.
  • Spelling and grammar mistakes: Spelling errors can be a sign of phishing. To ensure that you are not accessing a phishing site, you can directly type the URL into your browser. For example: is LEGIT is LEGIT is FRAUD is FRAUD

Immediate steps to take

  1. Enable Two-Factor Authentication (2FA): If you haven't already, we strongly encourage you to activate two-factor authentication on your account. This adds an extra layer of security, ensuring that you're the only person who can access your account, even if your password is compromised.
  2. Verify website authenticity: Before logging into your account, please double-check that you are on our official website, Look for the secure lock icon next to the URL and verify that the address is correct. This simple step can greatly reduce the risk of falling victim to phishing attempts.
Be aware that savvy attackers might also utilize SSL-secured websites. You can review the website certificate to confirm that it is safe. Most browsers will display this information if you click on the padlock icon and follow the certificate details steps. Check that our name is displayed in the organization field.

How we're responding

  • Monitoring and response: Our security team is actively monitoring the situation to mitigate its impact and prevent its reoccurrence.
  • Support and assistance: Our bilingual tech support team is available 24/7 in English and French via chat, phone, or tickets to assist with any concerns or questions you may have regarding this issue.

What to do if you’ve been duped

Discovering that you've responded to a phishing attempt can be unsettling, but taking prompt, decisive action can help mitigate potential damage. Here's what you need to do immediately:

  • Change your passwords right away: Secure your accounts by updating your passwords. This includes your Client Area, email, WordPress logins, and any other services you use. Opt for strong, unique passwords that are not easily guessed.
    When resetting your passwords, always use the official password reset methods. Never click on any links received from an untrusted email.
  • Enable Two-Factor Authentication (2FA): If you haven’t already, enabling 2FA on your accounts provides an additional security layer, making unauthorized access significantly more difficult.
  • Check your account for malware or unknown content: Review your accounts for any unfamiliar activity or files that you did not upload. Phishing attacks sometimes involve uploading malware to compromised accounts. If you find anything suspicious, contact our support team immediately for assistance.
After completing the above guidelines, if you suspect that your website or organization is a victim of fraud, use the Canadian Competition Bureau reporting guide to file a report.

Take action

If you have received a suspicious email, please do not click on any links or provide any information. Instead, report it to our support team immediately. Additionally, we advise conducting a thorough review of your account for any unusual activity and updating your password regularly as a precaution.

About the author: Marine Nolf

Marine's the Marketing and Content Specialist here and WHC's voice online. She enjoys creating inspiring copy and eye-catching visuals. In her spare time, you can find her exploring Montreal, baking cookies, or volunteering in animal shelters.

See all articles from this author Interested in writing for Web Hosting Canada?
Web Hosting Canada manages fast and reliable online infrastructure with 24/7 support. Learn more about WHC