Phishing
Introduction
What is phishing? How to take steps to resolve it?
Phishing is a type of social engineering where an attacker sends a fraudulent ("spoofed") message or sets up a website designed to trick a human victim into revealing sensitive information.
Typically, in the context of websites, phishing sites are usually webpages uploaded through a vulnerability on the server. The purpose is to masquerade as a site of another trusted entity (such as a bank). The aim is to steal information and credentials from unsuspecting users and use that information to cause financial loss or damage to the user's reputation.
How to troubleshoot and resolve it?
Anti-virus and malware scanners should be the first tools run on servers suspected of being used to host phishing sites.
The following additional steps can be taken to troubleshoot the issue further:
- Investigate and check for any suspicious files or folders.
- Monitor all emails to webmasters/admin accounts for any notices from external agencies who monitor the web.
- Check Google security reports at Google Search Console Security Issues to look for any incidents of deceptive content.
- The account hosting phishing content should be cleaned up and strengthened. This includes changing passwords, using SSH keys, upgrading server packages, and following other security procedures.
Please note that this document is provided for the benefit of our customers and the community at large. E2E Networks is not responsible for any inadvertent issues arising out of trying any of the advice or using any of the tools.
In case any of your servers at E2E Networks are compromised, we request you to communicate with us immediately and take action to fix the issue. Failure to respond or resolve the issue may contravene the IT Act 2000 and could lead to the disabling of the public network.