Am I Unknowingly Phishing?
November 28, 2005 8:27 AM
I was just contacted by my company's ISP saying that our company's account is compromised by a virus, as phishing emails have been sent out from here. I find this very hard to believe as we are an all-Mac shop and I am fairly confident that these phishing emails generally spoof headers and such. Am I wrong?
After an internet search I can't tell; although I have found lots of sites describing different phishing emails that people receive, I haven't found any info about how they're sent out.
You may not have gotten a classic Windows-style virus, but your Macs, being Unix boxes, may have been "rooted" either remotely or via some sort of trojan horse.
In any case it would be nice if the ISP could send you copies of the emails with full headers in order to help determine if it is indeed you, and if so, help isolate the actual computer that's been compromised.
posted by zsazsa at 8:37 AM on November 28, 2005
ISP abuse departments often are not as careful as they should be. Ask for the full headers.
posted by cmonkey at 9:47 AM on November 28, 2005
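What the full headers requested in the two answers above let you check, as an added example that is not part of the thread: only the `Received` lines written by a server the recipient controls can be trusted, and every line below them is supplied by the sender. The message, host names and addresses are constructed, and `mx.recipient.example` is assumed to be the reporting party's own mail server.

```python
import email
import ipaddress
import re

# Constructed sample: the lower Received line is sender-supplied and blames 192.0.2.10.
RAW = """\
Received: from mail.example.net (mail.example.net [198.51.100.77])
\tby mx.recipient.example with ESMTP id A1; Mon, 28 Nov 2005 08:01:02 -0500
Received: from www.victimco.example ([192.0.2.10])
\tby mail.example.net with SMTP id B2; Mon, 28 Nov 2005 08:00:59 -0500
From: "Bank" <security@bank.example>
To: someone@recipient.example
Subject: Verify your account

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)

def parse_hops(raw):
    """Return Received hops newest first: the recording host and the peer IP it saw."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        ip = IP_IN_BRACKETS.search(flat.split(" by ", 1)[0])
        by = BY_HOST.search(flat)
        hops.append({"by": by.group(1).lower() if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops

def assess(raw, trusted_hosts, our_networks):
    """Split hops into verified (written by trusted hosts) and unverified claims."""
    nets = [ipaddress.ip_network(n) for n in our_networks]
    ours = lambda ip: ip is not None and any(ipaddress.ip_address(ip) in n for n in nets)
    hops = parse_hops(raw)
    depth = 0
    while depth < len(hops) and hops[depth]["by"] in trusted_hosts:
        depth += 1                                # still inside trusted infrastructure
    verified = hops[depth - 1]["ip"] if depth else None
    return {
        "verified_ip": verified,                  # peer seen by the last trusted hop
        "verified_is_ours": ours(verified),
        "unverified_claims_ours": [h["ip"] for h in hops[depth:] if ours(h["ip"])],
    }

if __name__ == "__main__":
    print(assess(RAW, {"mx.recipient.example"}, ["192.0.2.0/24"]))
```

An address that shows up only under `unverified_claims_ours` is a claim made by the sender; the address to investigate is `verified_ip`.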
Were you contacted by email? Or by phone? By letter?
I've recently had several messages from my 'ISP', or my domain 'administrator' detailing 'compromises'. Of course, I'd have to follow the link, or open the attachment to view said 'issues'.
Needless to say, my ISP knows my telephone number - if there is a problem, they can call me.
posted by jkaczor at 10:22 AM on November 28, 2005
Also, if your ISP performs trojan filtering, you may get said email, with no attachment - which would make it 'seem' more legitimate than if there was a suspicious file attached...
posted by jkaczor at 10:24 AM on November 28, 2005
Response by poster: Oh, they called me. I spoke with them and got an IP address, which turned out to be our website IP (which is hosted on Pair networks). Seems pretty clear it's spoofing but nevertheless I have requested the full headers. Haven't got 'em yet. Thanks all for the feedback.
posted by miss tea at 10:42 AM on November 28, 2005
Does your web server have an SMTP service? Is it locked down?
posted by fishfucker at 11:52 AM on November 28, 2005
Why does your ISP care what you do with your website if your website is hosted on Pair?
posted by delmoi at 12:19 PM on November 28, 2005
Response by poster: delmoi, exactly the point, they didn't look closely at the IP address, which was that of the website. There's no way Pair is serving the stuff; I already checked with them and they're secure as heck. So the headers must be spoofed.
posted by miss tea at 1:08 PM on November 28, 2005
This thread is closed to new comments.
posted by VulcanMike at 8:34 AM on November 28, 2005