What is phishing? What to do in case of a complaint?

Article ID: 002705


- What is phishing?
- How does a phishing complaint concern you?

- Phishing is a phenomenon that appeared on the net a few years ago. It is a banking-type scam. An attacker creates a website completely identical to that of the targeted bank and sends an email to users. Customers of the bank click on the link, which leads to the fake website, and enter their contact information to revalidate their account. The attacker then recovers the information and can connect to the customer's bank account to make transactions or other manipulations.

- Either your server has been compromised and is hosting the phishing site, or your server relayed an email containing phishing.

For the first point, the phisher has exploited a security flaw. The most common case involves the phpBB forum: it is the most widely used forum on the Internet and unfortunately has several security vulnerabilities.
Check that you are running the latest version of your software and edit your php.ini file like this:

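; Both directives were deprecated in PHP 5.3 and removed in PHP 5.4,
; so they only apply to older PHP versions.
register_globals = Off
safe_mode = On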

These changes can be restrictive for developers, but they provide more security for your web applications.

For the second point, you should check that your mail server does not allow open relay, i.e. that it does not let any user use your server to send mail, spam, viruses or phishing.

If you are using Plesk, check that SMTP authentication or the POP lock time is enabled.

Servers without Plesk can be tested for open relay here:

I checked all the information for the second point and my server is properly configured. What can I do? In this case, it may be that one of your customers has an infected computer and the phishing is sent from that computer and then through your server to be broadcast on the internet.
Your only solution is to send a mailing to your customers inviting them to update their OS and install a firewall and an antivirus.
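
The relay check described for the second point can be run against your own mail server with a short script. This is an added example, not part of the original article: the function name `relay_verdict` and the probe addresses (reserved example domains) are assumptions, and the envelope is reset before DATA so no message is sent.

```python
import smtplib
import sys

# Assumed placeholder addresses on reserved example domains. Neither may be
# a domain your server is responsible for, or the result proves nothing.
PROBE_FROM = "relay-test@example.org"
PROBE_RCPT = "relay-test@example.net"


def relay_verdict(smtp, mail_from=PROBE_FROM, rcpt_to=PROBE_RCPT):
    """Return (verdict, smtp_code) for an unauthenticated relay attempt.

    `smtp` is a connected smtplib.SMTP (or compatible) session that has NOT
    logged in. Only the envelope (MAIL FROM / RCPT TO) is sent, then RSET.
    """
    smtp.ehlo_or_helo_if_needed()
    code, _ = smtp.mail(mail_from)
    accepted = False
    if code == 250:
        # The decisive step: an outside sender naming an outside recipient.
        code, _ = smtp.rcpt(rcpt_to)
        accepted = code in (250, 251)
    smtp.rset()  # drop the envelope; DATA is never issued
    if accepted:
        # Accepted at RCPT stage without authentication: treat as open relay.
        return ("open", code)
    if 400 <= code < 500:
        # Temporary failure (e.g. greylisting): retry later before concluding.
        return ("inconclusive", code)
    return ("closed", code)


if __name__ == "__main__":
    # Run from a network the server does not trust (not localhost or a
    # whitelisted range), otherwise relaying is legitimately allowed.
    host = sys.argv[1]
    with smtplib.SMTP(host, 25, timeout=15) as session:
        print(host, *relay_verdict(session))
```

A result of `closed` with a 5xx code means the server refused the outside recipient; `open` means unauthenticated relaying must be disabled before anything else.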
