We’ve noticed an uptick in phishing attempts targeting our user base. These are attempts by bad actors to take over your account and use your resources or information to cause harm.
The most recent examples are emails sent to some users’ inboxes which contain links to a non-DigitalOcean site (perhaps a lookalike site) to reset your password or gain control of your account. Do not click on these links!
Today we learned that some DigitalOcean customers received an email designed to appear as though it was from Customer Support at DigitalOcean. Its subject was “Account Ref: [Various Number and Letters],” and the email claimed that the user account had been disabled. The easiest way to tell that this isn’t a real DigitalOcean message is that it doesn’t come from firstname.lastname@example.org.
Please do not click on any of the links in these emails. We do not send account recovery links in our emails for this reason. Instead, we will ask you to log in to your accounts directly.
If you did click on the link and enter your account credentials, immediately try to change your DigitalOcean password by logging in at http://cloud.digitalocean.com/login. If you are unsuccessful, or if you believe your account has been compromised, please open a ticket with Customer Support.
For increased security, we also highly recommend enabling 2FA (two-factor authentication). For how to do that, please visit How to Manage Two-Factor Authentication.
Stay safe out there!