Questions tagged [phishing]
The phishing tag has no usage guidance.
43
questions
45
votes
6
answers
6k
views
Phishing site uses subdomain that I never registered
I recently received the following message from Google Webmaster Tools:
Dear site owner or webmaster of http://gotgenes.com/,
[...]
Below are one or more example URLs on your site which may be part of ...
- 553
13
votes
4
answers
449
views
Suspected server or data vulnerability and reporting a fraud site
Two days ago someone created a website that has the exact same domain of the company I work for, but missing one letter, and sent a mail campaign to many people that there is a promotion on the ...
- 233
9
votes
1
answer
9k
views
Why is fail2ban finding but not banning
I noticed something strange on my Ubuntu Xenial server.
It has SSH on the default port and it has fail2ban.
Fail2ban is detecting brute force attempts on the server and are logged accordingly:
2017-...
- 771
6
votes
6
answers
1k
views
Are Extended Validation SSL certificates effective?
Every time an SSL cert comes up for renewal, my provider tries to sell me an Extended Validation certificate. The big difference is the green address bar in FireFox and Safari for quadruple or ...
- 6,848
4
votes
5
answers
254
views
Securing Internet and E-mail in small corporate environment
Our company is having a real problem with spam, phishing, and sophisticated viruses (ones that are brand new at time of first download, and not recognized by any virus scanners for at least a few ...
- 1,823
4
votes
1
answer
682
views
SPF - Will softfail get inherited when included?
If I add the SPF-policy v=spf1 include:_spf.google.com -all to my domain, will the -all have some effect or will the ~all from _spf.google.com get "inherited" to my domain?
user82444
3
votes
3
answers
4k
views
Reported Attack Page : how to resolve this problem
My site bccfalna.com is working normal before 2 days but now its not open in firefox/chrome and other browser and come below error message
Reported Attack Page!
This web page at www.bccfalna.com has ...
- 33
3
votes
2
answers
543
views
Report phishing websites [closed]
Is there a central place to report domains that have made phishing attempts against my users? I usually make a report to the host of the domain (GoDaddy, generally) but I was wondering if there is a ...
- 133
3
votes
1
answer
2k
views
Spamassasin regex body and header check not working
We are trying to mark phishing mails with a simple rule in Spamassasin as spam.
But unfortunately we are unable to get a working check out of it.
Basically what we are trying to achieve is that if ...
- 495
3
votes
1
answer
2k
views
How is this email passing DMARC?
Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.)
This is disturbing, as it shows as "from foo.com", yet the sender ...
3
votes
1
answer
605
views
Display full FROM email address in Outlook
I'm trying to do phishing mitigation in the Outlook desktop app, and I've seen a number of cases where the display name is so long that the email address gets truncated, e.g.
From: Microsoft email ...
2
votes
3
answers
695
views
Can anyone purchase a SSL certificate?If so what is it's significance in identifying phishing? [closed]
I have read a lot that a phishing site will not be having an SSL certificate installed.As far as I know, anybody can purchase an SSL certificate and install it in their website, irrespective of the ...
- 121
2
votes
3
answers
128
views
Avoiding viruses 101 [closed]
I'm looking to send out an email to my users to give them advice on avoiding getting viruses and phishing emails.
I've found http://www.sonicwall.com/furl/phishing/ which is a bit dated and is ...
- 1,041
2
votes
5
answers
11k
views
Virus sending phishing emails through exchange server
It appears that there is a virus on my network somewhere that is sending phishing emails through my exchange server. I can see the messages in message tracking and I see many SMTP errors for NDR's and ...
- 340
2
votes
1
answer
270
views
Links in company emails are being clicked from random IPs
We make phishing campaigns to our users with Lucy Security. The emails include a link to a landing page. When clicked, stats are sent to our phishing platform that include which user clicked, when, ...
- 47
2
votes
3
answers
228
views
Block people searching for server admin pages
Occasionally I flip through our (apache) access log and I often come across people trying to fish for admin pages. For example, they are trying to access pages like:
/wp-login.php
/administrator/...
- 23
1
vote
2
answers
1k
views
My website was used by a freak hacker as a phishing site! What can I do?
My website was taken down a day back - got a message form the host saying that they recieved a complaint from the Bank of America that my website was being used for phishing customers. I managed to ...
- 279
1
vote
1
answer
63
views
Microsoft hosts domains that redirect to mine. Is there an innocuous explanation?
Facebook alerted me that some SSL certificates have been issued that potentially phish one of our domains:
The detailed view for one of these entries is as follows:
When I access one of these ...
- 339
1
vote
1
answer
154
views
IP reported for mail phishing
I got a report from my root server provider of abuse - someone has been sending phishing mail through my server's Postfix (the headers originate from my server's IP). What should I check for? The ...
1
vote
1
answer
425
views
Mailscanner: how to block html attachments only
I have a Mailscanner site and I want to deny all html attachments but permit html emails.
AFAIK there is difference between html attachments and html mail: Content-Disposition: attachment;
I tried ...
- 202
1
vote
1
answer
193
views
WP in docker container hacked - Server sends Phishing mails - disable container from other OS with the server volume mounted?
Wordpress that has not been updated in a docker container on a vServer has probably been hacked since the provider notified me about the server sending phishing mails and deactivated my machine.
Now ...
- 191
1
vote
0
answers
72
views
Postfix - External incoming mails with company domain
We use postfix as internal and external relay and Exchange inside the organization. Our company is receiving a lot of SPAM and phising mails whose Sender is our own company domain.
Searching Exchange ...
- 11
1
vote
2
answers
98
views
reporting abuse of phishing site (email not monitored)
The following server is phishing our university site:
http://webmailadm-unipi-it-src-login-php.mywap.lt/main.php?z=1
Looking into WHOIS database I find a contact email (which coincides with ...
- 161
1
vote
2
answers
2k
views
Quick/safe way to mass delete SPAM messages from 100+ inboxes
Looking for a way to delete all messages from particular senders out of every affected users mailbox, typically 100-200/10,000. When I approached our Exchange admins about this idea I was met with ...
- 11
0
votes
1
answer
2k
views
Spam or exchange issue?
I am getting an error message to unknow user on my domain. I would like to know is this just a phishing spam email or it was really send from our domain? I have changed our domain name to OURDOMAIN....
- 654
0
votes
1
answer
42
views
SPF and DMARC protection
Today while working at my company, we saw allot of automatic reply emails coming into one of our group inboxes (i.e. [email protected]). We suspect that this email address is being used in a phishing ...
- 125
0
votes
3
answers
222
views
Bandwidth Usage
I am not sure if this is the correct forum to be posting to, but I thought someone might be able to help?
I have a client running Zen Garden on their site which was phished not too long ago. Ever ...
- 133
0
votes
1
answer
244
views
Gophish email template link doesn't work [closed]
I downloaded gophish in a linux vps, more specifically in the /opt/gophish direcotry, i also created a systemd service (gophish.service)so i can close the file and the software can still be live. Also ...
0
votes
1
answer
456
views
Is it common for nested subdomains to get blocked due to phishing detection?
I have a domain that uses subdomains for users, for example:
user1.example.com
To distinguish between other official subdomains and user subdomains I reserved "at" for all such cases. For ...
- 103
0
votes
2
answers
532
views
Email protected with SPF but received valid signature from other IP anyway
I've received an email in spam from [email protected] to [email protected], but the "sent by" came from rec15.appleandrdoidmail.mx. [email protected] is an alias. Weird thing is that it says ...
- 103
0
votes
2
answers
2k
views
How to restore mail flow after Office 365 mailbox user was automatically restricted?
Recently had an Office 365 account compromised from a phishing website, which then sent out a mass-mail. Their email otherwise continued to function. Seeing the spam mail, I blocked the phishing site ...
0
votes
3
answers
516
views
Recover from server phishing hijack
My server was compromised last year and a phishing site was uploaded. It was detected and removed within a few days. A year later I'm still getting huge volumes of traffic to the dodgy url on my ...
James
0
votes
2
answers
72
views
Phising in Outlook for Windows Vista
Somehow, some of the emails I send are marked as "phishing" by Outlook in Windows Vista. Can you point me to resources that describe how this works? I'm not phishing and I do not understand what ...
rpSetzer
0
votes
0
answers
32
views
User Coverage for Microsoft Anti-Phish Policy
We use custom threat policies for anti-phish and anti-spam in Microsoft Defender, and Security Center's remediation list is showing us that 56% of users are covered by the custom policy, and 44% are ...
user71030
0
votes
0
answers
103
views
Impersonation Insight - Microsoft 365 security
Using impersonation insight to view domains that are sending phishes, there are several that are being delivered, even though our policy is to quarantine.
One domain that is commonly abused is icloud....
0
votes
0
answers
47
views
Rule - Check for an email with an image tag
I hate spammers phising emails, it doesn't contain anything but an image
with in the body.
I'm wondering if there is a rule, I can check if the email body contains only and only <img> and no ...
- 191
0
votes
0
answers
28
views
Automate email traffic reporting Office365 Security and Compliance
I am a Security Engineer at my organization and I'm looking for ways to automate the reporting process for suspicious emails.
We are using Terranova Security Awareness for Phish email reporting, and I ...
- 101
0
votes
1
answer
64
views
Managing MSP Tenants for Anti-Phishing Controls
I'm trying to find a simple way to report on our tenants' settings regarding Microsoft's recently introduced Anti-Phishing controls.
If possible, I'm looking to find an easy GUI method to report on ...
0
votes
0
answers
35
views
Inbound & outbound emails marked as phishing [duplicate]
We look after multiple Office 365 tenants for hosted Exchange email.
One tenant in particular has an issue where a lot of inbound and outbound emails are marked as phishing.
The domain passes all ...
- 458
0
votes
0
answers
25
views
Someone has put phishing files on my server [duplicate]
Recently i found some phishing files (PHP/HTML) on my server which were previously not present. I deleted them but later another set of files reappeared.
This is happening for all the sites hosted on ...
0
votes
1
answer
424
views
Investigating a phishing complaint
UPDATE: Seems it was a fake email, so not really that urgent, but the questions are still valid.
So I received an email about a VPS I host (I'm a VPS hosting company, this is a customer VPS) being ...
- 438
0
votes
1
answer
2k
views
Enable Google Safe Browsing in ClamAV
I'm trying to enable Google Safe Browsing anti phishing/malware filtering on my mail server using ClamAV.
I enabled it in freshclam.conf, and I got a fresh new safebrowsing.cld file in my datadir.
But ...
- 301
0
votes
1
answer
2k
views
Prevent intruders to send emails from myself (Postfix)
recently we have been victim of a simple phishing.
Yet simple but it can be scary for some users, I don't know how to block this.
The intruder connects via telnet to our mail server and sends ...
- 131