Introduction

What is phishing ? How to take steps to resolve it ?

Phishing is a type of social engineering where an attacker sends a fraudulent (“spoofed”) message or sets up a website designed to trick a human victim into revealing sensitive information.

Typically in the context of websites, they are usually webpages uploaded through a vulnerability on the server. Its purpose is to masquerade as a site of another site which is typically trustworthy like a bank. The idea is to steal information and credentials from the unsuspecting user and use that information to cause financial loss or loss of reputation to the unsuspecting user.

How to troubleshoot and resolve it ?

Anti-virus and Malware scanners are the first thing that should be run on servers suspected of being used to host phishing sites.

The following additional steps can be taken to troubleshoot the issue further

  1. Investigations would also include checking for any suspicious files/folders
  2. monitor all mails to webmasters/admin accounts to check for any notices being sent by external agencies who monitor the web.
  3. Check google security reports at https://search.google.com/search-console/security-issues to check for any incidence of deceptive content
  4. The account on which phishing content was hosted needs to be cleaned up and strengthened like changing passwords, using ssh keys, upgrading packages on the server amongst other security procedures

Please note that this document is provided for the benefit of our customers and the community at large. E2E Networks is not responsible for any inadvertent issues arising out of trying out any of the advise here or using by any of the tools

In case any of your server at E2E Networks is compromised, Please note that during the entire process, we request you to communicate and kindly take immediate action to fix the issue as the lack of response or resolution of the issue would be a contravention of IT Act 2000 and would lead to disabling of the public network.