Rackspace warns of phishing risks following ransomware attack

Rackspace has urged customers to be on the lookout for possible security scams following a recent ransomware attack against the company.

Earlier this month, Rackspace became aware of an issue whereby some users were experiencing connectivity errors when accessing the Outlook Web App and syncing their mail clients, which saw it offer Microsoft 365 Exchange Plan 1 licenses to affected users free of charge until a fix would be determined. It now warns exposed users of potential phishing attacks.

Following an investigation, the company announced that it had added a “leading cyber defense firm” to its internal security team to speed up investigations, before informing users that this was indeed a ransomware attack. 

Rackspace phishing scam

Rackspace promises to have more than two-thirds of its customers migrated to Microsoft 365, and has even set up dedicated phone lines to support with transition difficulties or queries.

In the meantime, it’s an ongoing case and updates are posted regularly on the incident’s web page (opens in new tab). Updates like the warning that this potential weak spot presents an opportunity for phishers and scammers to take advantage, urging customers to stay diligent.

Its team of helpers – known as Rackers – continue to actively reach out to customers to help them maintain access to their web services from email addresses associated with the company’s domain (@rackspace.com), and it stresses that phone advisors will not ask for login credentials or personally identifiable information like social security numbers.

It also highlights the importance of language used: words like “urgent” should have alarm bells ringing. In the interest of safety, many may want to consider additional ID theft protection. 

A message in the company’s thread of updates reads:

“If you do receive a message from an individual you do not recognize, do not reply. Please login to your control panel and create a ticket, including details about the message you received.”

Right now, the company is yet to post an update about users’ data, which may potentially have been breached and/or leaked. A statement reads:

“…it is too early to say what, if any, data was affected. If we determine sensitive information was affected, we will notify customers as appropriate.”

“Out of an abundance of caution, we have put additional security measures in place and will continue to actively monitor for any suspicious activity.”