Am I Unknowingly Phishing?
November 28, 2005 8:27 AM

I was just contacted by my company's ISP saying that our company's account is compromised by a virus, as phishing emails have been sent out from here. I find this very hard to believe, as we are an all-Mac shop and I am fairly confident that these phishing emails generally spoof headers and such. Am I wrong?

After an internet search I can't tell; although I have found lots of sites describing different phishing emails that people receive, I haven't found any info about how they're sent out.
posted by miss tea to Computers & Internet (9 answers total)
If your ISP does indeed have evidence that a machine there is compromised, they should be able to provide the offending IP addresses so the problem can be traced to a particular machine and eliminated. If they can't provide that, I wouldn't be surprised if they were being fooled by forged headers and didn't bother to take a close look at the message/complaint.
posted by VulcanMike at 8:34 AM on November 28, 2005

You may not have gotten a classic Windows-style virus, but your Macs, being Unix boxes, may have been "rooted" either remotely or via some sort of trojan horse.

In any case it would be nice if the ISP could send you copies of the emails with full headers in order to help determine if it is indeed you, and if so, help isolate the actual computer that's been compromised.
posted by zsazsa at 8:37 AM on November 28, 2005

ISP abuse departments often are not as careful as they should be. Ask for the full headers.
posted by cmonkey at 9:47 AM on November 28, 2005

Were you contacted by email? Or by phone? By letter?

I've recently had several messages from my 'ISP', or my domain 'administrator' detailing 'compromises'. Of course, I'd have to follow the link, or open the attachment to view said 'issues'.

Needless to say, my ISP knows my telephone number - if there is a problem, they can call me.
posted by jkaczor at 10:22 AM on November 28, 2005

Also, if your ISP performs trojan filtering, you may get said email, with no attachment - which would make it 'seem' more legitimate than if there was a suspicious file attached...
posted by jkaczor at 10:24 AM on November 28, 2005

Oh, they called me. I spoke with them and got an IP address, which turned out to be our website IP (which is hosted on Pair networks). Seems pretty clear it's spoofing but nevertheless I have requested the full headers. Haven't got 'em yet. Thanks all for the feedback.
posted by miss tea at 10:42 AM on November 28, 2005

Does your web server have an SMTP service? Is it locked down?
posted by fishfucker at 11:52 AM on November 28, 2005

Why does your ISP care what you do with your Website if your website is hosted on Pair?
posted by delmoi at 12:19 PM on November 28, 2005

delmoi, exactly the point: they didn't look closely at the IP address, which was that of the website. There's no way Pair is serving the stuff; I already checked with them and they're secure as heck. So the headers must be spoofed.
posted by miss tea at 1:08 PM on November 28, 2005
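One way to act on the "ask for the full headers" advice in this thread, as an added example that is not from the thread or any poster: walk the Received: chain newest-hop-first and trust only the hops stamped by servers you control (the recipient's and the ISP's), since the lines below those can be written by the sender. The message, hostnames, the office netblock 192.0.2.128/25 and the web-host address 192.0.2.10 are all constructed (documentation ranges), not values from the thread.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample: From: claims the company, and the bottom-most Received: line names
# the company's web host, but the hop stamped by the ISP's own relay shows an unrelated IP.
SAMPLE_RAW = """\
Received: from mx1.isp.example (mx1.isp.example [198.51.100.5])
\tby inbound.victim.example with ESMTP id abc123; Mon, 28 Nov 2005 08:00:00 -0500
Received: from mail.company.example (unknown [203.0.113.77])
\tby mx1.isp.example with SMTP id def456; Mon, 28 Nov 2005 07:59:50 -0500
Received: from www.company.example (www.company.example [192.0.2.10])
\tby mail.company.example; Mon, 28 Nov 2005 07:59:40 -0500
From: "Account Security" <security@company.example>
To: victim@victim.example
Subject: Verify your account

Please confirm your details.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # sender IP in [brackets]
BY_RE = re.compile(r"\bby\s+([\w.-]+)")                # server that wrote the stamp

def parse_received(hdr):
    """Return (sender_ip, stamping_server) from one Received: header value."""
    ip, by = IP_RE.search(hdr), BY_RE.search(hdr)
    return (ip.group(1) if ip else None, by.group(1) if by else None)

def received_chain(raw):
    """All Received: hops, newest first, as (sender_ip, stamping_server)."""
    return [parse_received(h) for h in message_from_string(raw).get_all("Received", [])]

def likely_origin(raw, trusted_servers):
    """Sender IP of the last hop stamped by a trusted server; lower hops may be forged."""
    origin = None
    for ip, by in received_chain(raw):
        if by not in trusted_servers:
            break
        origin = ip
    return origin

def classify(ip, office_net, web_host_ip):
    """Say whether an IP is in the office netblock, is the web host, or is neither."""
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(office_net):
        return "office"
    if addr == ipaddress.ip_address(web_host_ip):
        return "web host"
    return "elsewhere"
```

Reading only the bottom Received: line gives the web host (the mistake the ISP made in this thread); `likely_origin(SAMPLE_RAW, {"inbound.victim.example", "mx1.isp.example"})` instead yields 203.0.113.77, which `classify` places outside both the office and the web host.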
