Your Email Account Isn’t as Safe as You Think
Why phishing emails are on the rise and what you can do to protect yourself
We’ve seen a big uptick in phishing emails targeting small business owners, including many of our own hosting clients who have their email through Rackspace. These attacks are getting more convincing, and unfortunately, they’re working.
People are clicking links, entering their login credentials, and suddenly their inbox is sending out spam to everyone they know or worse, scammers are using the account for something much more targeted.
So let’s talk about what phishing is, how it works, why reusing passwords is so dangerous, and what you can do to protect your accounts before something goes sideways.
What Is Phishing?
Phishing is the act of tricking someone into giving up their login info by pretending to be a legitimate company or service. These emails usually create a sense of urgency “your mailbox is full”, “there’s a security risk”, or “your account needs to be verified” and include a link to what looks like a real login page.
Spoiler: it’s not.
Once you enter your credentials, the attacker now has full access to your account.
Why Reusing Passwords is a Disaster Waiting to Happen
This is where things get especially risky. A phishing attempt might not even target your email directly. It could come from what seems like an unrelated site. Perhaps an old tool you used once or a service you don’t think twice about. The problem is, if you used the same password there as you do for your email, they now have access.
Even worse, you’re not necessarily the one being phished. Service providers can likewise get phished or otherwise compromised and instead of one person’s credentials being exposed, they now have access to everyone’s credentials who has used that service. If you’re using the same username/email and password combo for your email account as you did for a site that was compromised, it’s just a matter of time before someone gets into your email.
And once someone gets into your email, the door is wide open:
- They can reset your passwords for banking, PayPal, or anything else tied to that email.
- They can use it to impersonate you and trick clients or coworkers.
- They can sift through your inbox to find invoices, payment links, and sensitive data.
- They can use it to get two factor authentication codes sent to your email to get into sites you thought were secure.
Your email is the hub. If it gets compromised, everything else is suddenly at risk too.
What Scammers Do With Access
Once inside your inbox, here’s what usually happens:
- Spam & scam campaigns: Your account gets used to send bulk emails to phish others.
- Fake invoice scams: Scammers impersonate you or your business to request payments.
- Account takeovers: They use your email to reset passwords on other sites.
- Reputation damage: If your account starts sending out spam, your domain can get blacklisted, making it harder to reach your real customers.
Your Email Provider Will Never Ask You to Log In “For Security Reasons”
Just to be clear: you will never get a real email from your email provider telling you to log in to prevent an account lock, confirm storage usage, or verify your identity.
If you’re using Rackspace email through our hosting, you’ll hear about any issues directly from us—not from a vague automated message with a login link.
Still, these phishing emails are convincing. So let’s look at how to spot one.
Phishing Email Red Flags: A Quick Checklist
Subject lines and urgency
- “Your mailbox is full. Action required.”
- “Unusual login activity detected”
- “Your account will be suspended in 24 hours”
Sender address
- Look closely. Is it really from @rackspace.com (or your email provider’s primary domain), or something like @mail-securitycenter.com? Sometimes they’ll register a domain that contains the name of your email provider in it to look more convincing like @rackspace-supportservices.com.
- Hover over the name to see the actual email address—it might be a spoof.
Links and buttons
- Hover first. Does the link go somewhere suspicious, or not even close to the name of your email provider?
- Don’t click anything that feels off.
Grammar and formatting
- Weird phrasing or typos? That’s a red flag.
- Vague greetings like “Dear user” instead of your actual name are also common.
Attachments
- Never open unexpected attachments—especially ZIP files or spreadsheets.
Login pages
- If the login screen looks even slightly “off,” it probably is.
- When in doubt, go to the site directly and log in from there.
Not sure?
- When in doubt, forward the email to us and we’ll confirm whether it’s legit.
Best Practices for Staying Safe
- Use strong, unique passwords for every account.
- Turn on two-factor authentication (2FA) wherever possible.
- If you’ve reused a password and think it’s been compromised, change it everywhere it’s used starting with your email.
Phishing is on the rise, and the stakes are higher than most people think. But with a little awareness and a few good habits, you can keep your accounts safe.
And if you’re a hosting client of ours, we’re here to help. If something looks off, or you’ve already clicked and entered something you shouldn’t have, reach out sooner rather than later.
