
Phishing Website

I use a Mac and Chrome web-browser. I use (Mail.com) for e-mail for various internet sites.

Today there was a message that stated the account was about to be suspended; it looked very official and matched the format that (Mail.com) uses for e-mails to users. I clicked the link, though I should have known better, and it took me to a web page that said my e-mail account is terminated.

As I was at the time using the said e-mail account I became suspicious, copied the link and quickly closed it without further action. I changed the password and security questions immediately. 

I tried the link on a couple of web page checkers and it showed the site was suspended or blacklisted depending on the site checker.

I ran Sophos and no issues were found. I noticed that the Sophos screen shown during the scan said that Sophos has Website protection; 'Blocks websites that are known to have viruses and other threats'. In light of this statement, I was wondering why I could access this site when it is shown to be Blacklisted by a number of companies monitoring internet threats?

The site URL turned out to be (powerinvertersaustralia(dot)com.au/.../suspendedpage.cgi) which has nothing to do with (Mail.com). With the Apple e-mail program 'Mail' I can see the address of the incoming e-mail and would not have opened such a mail. 

Two questions; what impact has occurred, as there are no issues with the Sophos HD scan; and isn't this site on Sophos' threat lists?

  • Hi Nevets,

    First and foremost, it would be good for you to edit your post to make that aforementioned URL safe by replacing the . with DOT or something so that others don't just click on it and suffer the same fate. Once that's done, continue reading :)

    Just to let you know you've posted into the wrong forum, as Phish Threat is actually a security awareness platform that we supply which is integrated within our Sophos Central software. It allows organisations to test and train their end-users against social engineering, phishing and spear phishing attacks. It educates employees through a realistic attack simulation followed up with effective corrective training should they click on dodgy links and attachments. So...it sounds like you would benefit from using our Phish Threat software ;)

    I'd say you should have posted this in our 'Endpoint Security and Control' forum but I'll give you some information on what can be done. Within Sophos Endpoint Security & Control we have a module called Web Intelligence. This will allow any files being downloaded from the internet and any webpage code your machine begins to download to be fully assessed before it hits your browser. This is certainly best practice as the majority of all malicious files would attempt to infect the machine from the internet. I'll get my colleagues in SophosLabs to check that URL out and see if there's anything dodgy being held there and reply back to you with some more information.

    Best Regards,

    Byron

  • I appreciate your reply and support Byron, thank you.

    I had put the website involved in brackets, as on other forums I have used, brackets disabled links. Unfortunately, I didn't catch that until published. I have found the edit link and have edited the link by adding the word 'dot' instead of the 'point' as you kindly recommended - thank you.

    The browser I use normally gives a warning for unsafe sites, or those on a blocked list - as the site in question seems to be on some website threat sites. I assume that as Mail dot com redirected to the link it skipped this browser function.

    Thank you for checking whether the site I had issues with is on the Sophos list of threat sites. Looking forward to any feedback you can provide, much appreciated.

  • That's awesome, thanks for doing that! It's just another added bit of security so nothing bad comes of sharing dodgy links. Moving swiftly on, it appears SophosLabs doesn't currently have this down as a malicious site so I've requested that they reassess it. I'll update this post when I know more.

    For anyone else out there that would like SophosLabs to reassess a website, they can go here and select 'Submit a Sample' > 'Web Address (URL)' and then fill in the form.

  • Thank you for the update Byron. 

    I checked on Google Transparency Report; it shows:

    The site http://powerinvertersaustralia (dot) com.au contains harmful content, including pages that:

    • Try to trick visitors into sharing personal info or downloading software

    This info was last updated on May 12, 2017.

    sitecheck.sucuri(DOT)net/ shows;

    Blacklisted (10 Blacklists Checked): Indicates that a major security company (such as Google, McAfee, Norton, etc) is blocking access to this website for security reasons.

     

    Looking forward to the feedback from SophosLabs reassessment of this site.

  • Hey Nevets, 

    The site account has been suspended and it is no longer hosting the phishing pages according to my colleagues in Sophos Labs. They've also said that the site doesn't seem worthy of blocking by Sophos. 

    Hope that helps you out, let me know if you need anything further.

    Best Regards,

    Byron 

  • Thank you for the helpful support Byron.