Skip to main content

Questions tagged [phishing]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
45 votes
6 answers
6k views

Phishing site uses subdomain that I never registered

I recently received the following message from Google Webmaster Tools: Dear site owner or webmaster of http://gotgenes.com/, [...] Below are one or more example URLs on your site which may be part of ...
gotgenes's user avatar
  • 553
13 votes
4 answers
449 views

Suspected server or data vulnerability and reporting a fraud site

Two days ago someone created a website that has the exact same domain of the company I work for, but missing one letter, and sent a mail campaign to many people that there is a promotion on the ...
mpcabd's user avatar
  • 233
9 votes
1 answer
9k views

Why is fail2ban finding but not banning

I noticed something strange on my Ubuntu Xenial server. It has SSH on the default port and it has fail2ban. Fail2ban is detecting brute force attempts on the server and are logged accordingly: 2017-...
Waleed Hamra's user avatar
6 votes
6 answers
1k views

Are Extended Validation SSL certificates effective?

Every time an SSL cert comes up for renewal, my provider tries to sell me an Extended Validation certificate. The big difference is the green address bar in FireFox and Safari for quadruple or ...
sh-beta's user avatar
  • 6,848
4 votes
5 answers
254 views

Securing Internet and E-mail in small corporate environment

Our company is having a real problem with spam, phishing, and sophisticated viruses (ones that are brand new at time of first download, and not recognized by any virus scanners for at least a few ...
Beep beep's user avatar
  • 1,823
4 votes
1 answer
682 views

SPF - Will softfail get inherited when included?

If I add the SPF-policy v=spf1 include:_spf.google.com -all to my domain, will the -all have some effect or will the ~all from _spf.google.com get "inherited" to my domain?
user avatar
3 votes
3 answers
4k views

Reported Attack Page : how to resolve this problem

My site bccfalna.com is working normal before 2 days but now its not open in firefox/chrome and other browser and come below error message Reported Attack Page! This web page at www.bccfalna.com has ...
tanujdave's user avatar
3 votes
2 answers
543 views

Report phishing websites [closed]

Is there a central place to report domains that have made phishing attempts against my users? I usually make a report to the host of the domain (GoDaddy, generally) but I was wondering if there is a ...
Richard's user avatar
  • 133
3 votes
1 answer
2k views

Spamassasin regex body and header check not working

We are trying to mark phishing mails with a simple rule in Spamassasin as spam. But unfortunately we are unable to get a working check out of it. Basically what we are trying to achieve is that if ...
Daywalker's user avatar
  • 495
3 votes
1 answer
2k views

How is this email passing DMARC?

Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.) This is disturbing, as it shows as "from foo.com", yet the sender ...
Lawrence Wagerfield's user avatar
3 votes
1 answer
605 views

Display full FROM email address in Outlook

I'm trying to do phishing mitigation in the Outlook desktop app, and I've seen a number of cases where the display name is so long that the email address gets truncated, e.g. From: Microsoft email ...
Barton Chittenden's user avatar
2 votes
3 answers
695 views

Can anyone purchase a SSL certificate?If so what is it's significance in identifying phishing? [closed]

I have read a lot that a phishing site will not be having an SSL certificate installed.As far as I know, anybody can purchase an SSL certificate and install it in their website, irrespective of the ...
user7282's user avatar
  • 121
2 votes
3 answers
128 views

Avoiding viruses 101 [closed]

I'm looking to send out an email to my users to give them advice on avoiding getting viruses and phishing emails. I've found http://www.sonicwall.com/furl/phishing/ which is a bit dated and is ...
PHLiGHT's user avatar
  • 1,041
2 votes
5 answers
11k views

Virus sending phishing emails through exchange server

It appears that there is a virus on my network somewhere that is sending phishing emails through my exchange server. I can see the messages in message tracking and I see many SMTP errors for NDR's and ...
therulebookman's user avatar
2 votes
1 answer
270 views

Links in company emails are being clicked from random IPs

We make phishing campaigns to our users with Lucy Security. The emails include a link to a landing page. When clicked, stats are sent to our phishing platform that include which user clicked, when, ...
SenseiRalph's user avatar
2 votes
3 answers
228 views

Block people searching for server admin pages

Occasionally I flip through our (apache) access log and I often come across people trying to fish for admin pages. For example, they are trying to access pages like: /wp-login.php /administrator/...
Hubbo's user avatar
  • 23
1 vote
2 answers
1k views

My website was used by a freak hacker as a phishing site! What can I do?

My website was taken down a day back - got a message form the host saying that they recieved a complaint from the Bank of America that my website was being used for phishing customers. I managed to ...
Ali's user avatar
  • 279
1 vote
1 answer
63 views

Microsoft hosts domains that redirect to mine. Is there an innocuous explanation?

Facebook alerted me that some SSL certificates have been issued that potentially phish one of our domains: The detailed view for one of these entries is as follows: When I access one of these ...
rinogo's user avatar
  • 339
1 vote
1 answer
154 views

IP reported for mail phishing

I got a report from my root server provider of abuse - someone has been sending phishing mail through my server's Postfix (the headers originate from my server's IP). What should I check for? The ...
Kornel Kisielewicz's user avatar
1 vote
1 answer
425 views

Mailscanner: how to block html attachments only

I have a Mailscanner site and I want to deny all html attachments but permit html emails. AFAIK there is difference between html attachments and html mail: Content-Disposition: attachment; I tried ...
sgargel's user avatar
  • 202
1 vote
1 answer
193 views

WP in docker container hacked - Server sends Phishing mails - disable container from other OS with the server volume mounted?

Wordpress that has not been updated in a docker container on a vServer has probably been hacked since the provider notified me about the server sending phishing mails and deactivated my machine. Now ...
haemse's user avatar
  • 191
1 vote
0 answers
72 views

Postfix - External incoming mails with company domain

We use postfix as internal and external relay and Exchange inside the organization. Our company is receiving a lot of SPAM and phising mails whose Sender is our own company domain. Searching Exchange ...
Maximiliano's user avatar
1 vote
2 answers
98 views

reporting abuse of phishing site (email not monitored)

The following server is phishing our university site: http://webmailadm-unipi-it-src-login-php.mywap.lt/main.php?z=1 Looking into WHOIS database I find a contact email (which coincides with ...
Emanuele Paolini's user avatar
1 vote
2 answers
2k views

Quick/safe way to mass delete SPAM messages from 100+ inboxes

Looking for a way to delete all messages from particular senders out of every affected users mailbox, typically 100-200/10,000. When I approached our Exchange admins about this idea I was met with ...
user228684's user avatar
0 votes
1 answer
2k views

Spam or exchange issue?

I am getting an error message to unknow user on my domain. I would like to know is this just a phishing spam email or it was really send from our domain? I have changed our domain name to OURDOMAIN....
John's user avatar
  • 654
0 votes
1 answer
42 views

SPF and DMARC protection

Today while working at my company, we saw allot of automatic reply emails coming into one of our group inboxes (i.e. [email protected]). We suspect that this email address is being used in a phishing ...
user92592's user avatar
  • 125
0 votes
3 answers
222 views

Bandwidth Usage

I am not sure if this is the correct forum to be posting to, but I thought someone might be able to help? I have a client running Zen Garden on their site which was phished not too long ago. Ever ...
Sixfoot Studio's user avatar
0 votes
1 answer
244 views

Gophish email template link doesn't work [closed]

I downloaded gophish in a linux vps, more specifically in the /opt/gophish direcotry, i also created a systemd service (gophish.service)so i can close the file and the software can still be live. Also ...
hackermade's user avatar
0 votes
1 answer
456 views

Is it common for nested subdomains to get blocked due to phishing detection?

I have a domain that uses subdomains for users, for example: user1.example.com To distinguish between other official subdomains and user subdomains I reserved "at" for all such cases. For ...
shadow-light's user avatar
0 votes
2 answers
532 views

Email protected with SPF but received valid signature from other IP anyway

I've received an email in spam from [email protected] to [email protected], but the "sent by" came from rec15.appleandrdoidmail.mx. [email protected] is an alias. Weird thing is that it says ...
Miquel's user avatar
  • 103
0 votes
2 answers
2k views

How to restore mail flow after Office 365 mailbox user was automatically restricted?

Recently had an Office 365 account compromised from a phishing website, which then sent out a mass-mail. Their email otherwise continued to function. Seeing the spam mail, I blocked the phishing site ...
Christopher Galpin's user avatar
0 votes
3 answers
516 views

Recover from server phishing hijack

My server was compromised last year and a phishing site was uploaded. It was detected and removed within a few days. A year later I'm still getting huge volumes of traffic to the dodgy url on my ...
user avatar
0 votes
2 answers
72 views

Phising in Outlook for Windows Vista

Somehow, some of the emails I send are marked as "phishing" by Outlook in Windows Vista. Can you point me to resources that describe how this works? I'm not phishing and I do not understand what ...
user avatar
0 votes
0 answers
32 views

User Coverage for Microsoft Anti-Phish Policy

We use custom threat policies for anti-phish and anti-spam in Microsoft Defender, and Security Center's remediation list is showing us that 56% of users are covered by the custom policy, and 44% are ...
user avatar
0 votes
0 answers
103 views

Impersonation Insight - Microsoft 365 security

Using impersonation insight to view domains that are sending phishes, there are several that are being delivered, even though our policy is to quarantine. One domain that is commonly abused is icloud....
Joe Rocksford's user avatar
0 votes
0 answers
47 views

Rule - Check for an email with an image tag

I hate spammers phising emails, it doesn't contain anything but an image with in the body. I'm wondering if there is a rule, I can check if the email body contains only and only <img> and no ...
code-8's user avatar
  • 191
0 votes
0 answers
28 views

Automate email traffic reporting Office365 Security and Compliance

I am a Security Engineer at my organization and I'm looking for ways to automate the reporting process for suspicious emails. We are using Terranova Security Awareness for Phish email reporting, and I ...
Jacob K's user avatar
  • 101
0 votes
1 answer
64 views

Managing MSP Tenants for Anti-Phishing Controls

I'm trying to find a simple way to report on our tenants' settings regarding Microsoft's recently introduced Anti-Phishing controls. If possible, I'm looking to find an easy GUI method to report on ...
Eliot at projectfive's user avatar
0 votes
0 answers
35 views

Inbound & outbound emails marked as phishing [duplicate]

We look after multiple Office 365 tenants for hosted Exchange email. One tenant in particular has an issue where a lot of inbound and outbound emails are marked as phishing. The domain passes all ...
Ash's user avatar
  • 458
0 votes
0 answers
25 views

Someone has put phishing files on my server [duplicate]

Recently i found some phishing files (PHP/HTML) on my server which were previously not present. I deleted them but later another set of files reappeared. This is happening for all the sites hosted on ...
Anmol Dubey's user avatar
0 votes
1 answer
424 views

Investigating a phishing complaint

UPDATE: Seems it was a fake email, so not really that urgent, but the questions are still valid. So I received an email about a VPS I host (I'm a VPS hosting company, this is a customer VPS) being ...
Joshua D'Alton's user avatar
0 votes
1 answer
2k views

Enable Google Safe Browsing in ClamAV

I'm trying to enable Google Safe Browsing anti phishing/malware filtering on my mail server using ClamAV. I enabled it in freshclam.conf, and I got a fresh new safebrowsing.cld file in my datadir. But ...
Antares's user avatar
  • 301
0 votes
1 answer
2k views

Prevent intruders to send emails from myself (Postfix)

recently we have been victim of a simple phishing. Yet simple but it can be scary for some users, I don't know how to block this. The intruder connects via telnet to our mail server and sends ...
Diogo Jesus's user avatar