August 2017: fake OVH invoice emails are circulating (in general for an amount of €5), with a fraudulent link designed to steal your credit card number, be extra vigilant!
Simple actions to protect yourself
Add two factor authentication access to your OVH Control Panel
Connect to https://www.ovh.com/manager/ then under your account’s ‘Security’ parameters, click on ‘Activate Two Factor Authentication’.
Two factor authentication (also known as ‘strong authentication’) makes unauthorized access of your OVH Control Panel much more difficult, even if your username and password have been compromised.
Verify the senders address
If the address does not end with ‘@ovh.com’, it is probably a fraudulent e-mail.
However, it is easy to change the sender’s e-mail address. This information alone is not sufficient to verify the origin of an e-mail.
Verify directly in your OVH Control Panel
Connect via https://www.ovh.com/manager/. In addition to OVH sending an e-mail, a specific message will be displayed if an urgent action is required, such as needing to make payment of an invoice.
Do not open any attachments
An authentic email from OVH will never include attachments or software; these can contain viruses or spyware.
Read the text carefully
If you observe random translations with incorrect terms or obvious spelling mistakes, this is probably a fraudulent email.
Fraudulent e-mails have a sense of urgency. They are designed to push you to act in haste and forget basic security rules.
Links appear correct, but may mislead you. Move your mouse over the link or button in the email to view the address (URL). If the link seems suspicious, do not click on it.
The following websites are official OVH websites:
- ovh.com, ovh.com.au, ovh.co.uk, ovh.cz, ovh.de, ovh.es, ovh-hosting.fi, ovh.ie
- ovh.it, ovh.lt, ovh.nl, ovh.pl, ovh.pt, ovh.sn, ovh.us
Report a phishing page
Help us eradicate phishing sites from the web.
If you think you have discovered a page that pretends to be another for the purpose of obtaining your personal information, you can report it at https://phishing-initiative.fr/, https://safebrowsing.google.com/safebrowsing/report_phish/ or http://toolbar.netcraft.com/report_url.
If you have been a victim of phishing
If you entered your credit card number on a fraudulent site
Contact your bank as soon as possible, in order to have your credit card blocked and indicate the date and if possible the time at which you entered your credit card number. Only your bank can cancel fraudulent transactions that may have been made without your knowledge.
If you entered your OVH password on a fraudulent site
Log into your OVH Control Panel and change your password immediately.
We strongly advise you to activate two factor authentication factor to secure your account permanently. To activate two factor authentication, refer to the first part of this guide.