Démarrage 10 Mars 2026 Créé par Sylvain 2mn de lecture

False emails pretending to be LWS: how to recognise them and what to do

Q: Pourquoi ne pas coder les adresses mail que vous faîtes figurer sur les registar à linstar d'ovh par exemple, les mails clients sont des mails codeovh.com Cela éviterait de diffuser systématiquement nos domaines mails aux premiers robots venus

Bonjour, Je vous remercie pour votre message. Les coordonnées de nos clients sont masquées sur le Whois , sauf lorsque ceux-ci ont enregistré le nom de domaine en tant que société (pour les noms de domaines en .FR) par exemple. Dans votre cas, je ne retrouve pas votre fiche client, je ne peux donc pas me prononcer. Cependant, sachez que les SPAMS et autres mails indésirables, sont reçus, car les spammeurs envoient des emails à des adresses mails très génériques, du type contact@votredomaine.fr ... Ces derniers ont également des outils qui récupèrent les adresses mails potentielles en clair sur les sites web, et ce quelque soit l'hébergeur, l'outil whois est donc très rarement la porte d'entrée pour les spams. Je vous remercie de votre attention et reste à votre disposition pour toute autre question ou complément d'information. Vous pouvez nous contacter depuis votre espace client ou sur cette page : https://www.lws.fr/contact. Cordialement, L'équipe LWS

Lien de l'article

Sommaire

The message does not contain your customer ID.
The shipping address is incorrect.
The message tries to get you to act urgently.
The message contains a link or a payment button.
The content is vague, unusual or incoherent

Normal situation
Situation to be dealt with immediately

Deadlines and level of urgency

To be done immediately
What not to wait for

Procédure

Purpose of this article

False e-mails impersonating LWS are regularly circulating.
Their aim is to make you click on a fraudulent link or to get you to disclose sensitive information.

In this article, you will learn how to :

recognise a fake e-mail pretending to be LWS ;
check whether the message you have received is legitimate;
know what to do depending on your situation;
react quickly if you have clicked, entered your password or made a payment.

Services concerned

This documentation concerns all LWS customers using one of the following services:

domain name
web hosting
mail service
LWS customer account
services requiring renewal or action from the customer area

Prerequisites

Before following this procedure, you must :

have access to the email you received
be able to log in to your LWS customer area;
not have deleted the message if you wish to have it checked by support.

Background: why are you receiving this type of email?

Fraudsters regularly send emails that use the LWS name, logo or tone to sow doubt.

Their method is simple:

create an alarming message;
make you think that a service is about to expire, be suspended or deleted;
get you to click on a link quickly;
then retrieve your login or bank details.

These fraudulent messages do not pass through the LWS infrastructure.

It is important to note thatno data leakage has been observed at LWS.
Fraudsters mainly exploit :

public information ;
e-mail addresses found on the Internet
invented scenarios to create a sense of urgency.

When these campaigns are reported, blocking requests are made to the service providers concerned, although they are not always successful.

What types of bogus e-mail have been identified?

The bogus e-mails observed can take several forms.

For example, you may receive a message announcing :

a fake service renewal notice ;
a false contract cancellation notice
an alleged deletion of your customer account
a malfunction in your e-mail service;
an expired password for an email address;
an expired password for your customer account;
a suspended e-mail address
a deleted e-mail address;
a mailbox that is almost full, for example 95% or 98% full;
a request for identity verification;
confirmation of your e-mail address after so-called maintenance;
an urgent request for payment to avoid a service interruption.

Even if the subject changes, the aim is always the same:
to get you to click on a fraudulent link or enter personal information.

How can you spot a fake LWS e-mail?

There are several things that should alert you.

The message does not contain your customer ID.

All e-mails sent by LWS contain your customer ID in the format :

LWS-XXX depending on the case.

If you receive a message that :

asks you to click on a link ;
asks you to pay; or
asks you to verify your account
asks you to confirm your details ;

but does not contain your customer ID, you should consider it fraudulent.

The shipping address is incorrect.

LWS only communicates :

with the e-mail address registered in your customer area ;
and sends its messages from noreply@lws.fr.

If the message comes from another address, it should be considered suspicious.

Example of a suspicious e-mail:

False emails pretending to be LWS: how to recognise them and what to do

The message tries to get you to act urgently.

Fraudsters often use wording such as:

"Your service will be suspended today."
"Your account will be deleted."
"Your mailbox is almost full."
"Your password has expired."
"Last reminder before cancellation"

This alarming tone is used to push you to act without checking.

The message contains a link or a payment button.

An email asking you to :

pay a bill ;
renew a service immediately
confirm your identity
reactivate an email address;
update your password ;

via a link contained in the message, should be treated with caution.

If in doubt, never click on the link and contact LWS support from your customer area.

The content is vague, unusual or incoherent

A fraudulent email may also contain :

unusual wording
mistakes ;
requests that are too vague
exaggerated threats
inconsistency between the advertised problem and your actual services.
an inaccurate price

What to do immediately if you receive a potentially suspicious email

Follow this procedure in order.

Step 1: Don't click on any links

Do not click :

any button ;
on any link ;
any attachments.

Even if the message seems credible, do not take any action from the email.

Step 2: Don't reply to the message

Don't reply to the sender.
The fact that a well-known name is displayed does not guarantee that the email is legitimate.

Step 3: Check the elements visible in the email

First of all, check :

the presence of your customer ID ;
the sender's real address;
the type of request made;
whether the message is urgent or threatening.

Step 4: Connect directly to your LWS customer area

Open your browser yourself and access your LWS customer area without using the link in the email.

This will allow you to check the situation from the official source.

Step 5: Check whether a real action is requested

Once you have logged into your customer area, check :

your active services ;
your deadlines
your pending requests
your notifications;
the actions actually requested on your account.

If nothing corresponds to the content of the email, it is most likely a fraudulent message.

Step 6: Contact support if in doubt

If you're not sure about the origin of the message, contact LWS support via the Support section of your customer area.

Do not request verification by replying to the message received.
Always use the official channel.

How can I check that an email is legitimate?

You can only consider a message to be reliable if several elements match.

Check the following points

The message must :

contain your customer ID;
come from noreply@lws.fr;
relate to a service that is actually present in your account;
correspond to an action visible in your customer area;
not be based solely on a link contained in the email.

[bcolor_orange]

If the email asks you to take an action but no equivalent request appears in your customer area, consider the message suspicious.

[bcolor]

What should you do depending on your situation?

Case 1 - You received the email but did not click on anything

In this case :

do not take any action from the email;
check your account in the customer area;
delete the message if the fraud is confirmed;
contact support via the customer area if you would like a further check.

Case 2 - You clicked on the link but did not enter anything

In this case :

close the open page immediately;
do not enter any information;
log in to your LWS customer area to check that no real action is requested;
monitor your account as a precaution.

Case 3 - You have entered your password

If you have entered the password for your customer account or an email address on a fraudulent site:

change the password immediately ;
Choose a strong password that is different from the old one;
Check that the contact details on your account have not been changed;
check that no unusual actions have been carried out on your services.

Case 4 - You have entered your bank details

In this case :

contact your bank immediately ;
request a stop payment if necessary;
monitor your banking transactions;
keep any useful proof: email received, screenshot, time of payment, amount.

Case 5 - You have made a payment

If you have paid from a fraudulent link:

contact your bank immediately;
report the payment as suspicious;
ask for the steps to be taken depending on your card or payment method;
then check your LWS customer area to confirm that no official payment was actually expected.

Common errors and solutions

"The message looks professional, so it must be true".

This is not a sufficient criterion.
Fraudsters know how to reproduce the appearance of an official email.

Good idea: always check the customer ID, the delivery address and your customer area.

"The message talks about an urgent problem, I need to click fast".

This is precisely what fraudsters are looking for.

Good reflex: never click in a hurry.

"I saw LWS in the sender's name".

The name displayed may be misleading.

Tip: check the actual email address used to send the message.

"I clicked, so my account must have been hacked".

Not necessarily.
The risk depends mainly on what you do next.

Good reflex: if you haven't entered anything, close the page and check your account.
If you have entered a password or paid, act immediately.

"I received an email about a full mailbox, so it's probably real".

Not necessarily.

Good reflex: check from your customer area or your official tools, never from the link in the message.

"The message doesn't contain my customer ID, but it looks serious".

This is a major warning signal.

Good reflex: consider any message requesting an action without a customer ID as fraudulent.

Expected result after verification

At the end of your check, you should be able to clearly determine one of these two situations.

Normal situation

You are reassured if :

no unusual action is requested in your customer area ;
the message does not correspond to any real need;
you have not communicated any sensitive information;
no abnormal banking transactions appear.

Situation to be dealt with immediately

You must act quickly if :

you have entered a password ;
you have entered bank details;
you have made a payment;
you notice an abnormal change to your account;
you can no longer access your customer area or services.

Deadlines and level of urgency

In this type of situation, certain actions need to be taken immediately.

To be done immediately

stop clicking on the message ;
change your password if you have provided it;
contact the bank if you have entered bank details or made a payment;
check the actual status of your services in the customer area.

What not to wait for

You should not wait several hours or days if :

you have provided a password
you have provided bank details;
you see any unusual activity.

The faster you react, the more you limit the risks.

Best practices for avoiding phishing

To reduce the risks, keep these reflexes in mind:

never click on an email link when in doubt;
always check that your customer ID is present;
always check the delivery address;
connect directly to your customer area;
never enter your bank details from a suspicious email;
contact support only via the Support section of your customer area if you have any doubts.