Announcement

Collapse
No announcement yet.

Our customer service email used in a phishing attack

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Our customer service email used in a phishing attack

    It has come to our attention that one of our customer service email addresses – support@duoservers.com, has been illegally used in a PayPal phishing campaign.


    The phishers have managed to send a mass number of emails where the ‘FROM’ header lists support@duoservers.com as a sender address and associates it with PayPal. The action button in the email leads to a phishing PayPal site.
    Here is how the phishing email actually looks like:

    Our admins’ in-depth investigation of the situation has shown that the majority of phishing emails were sent to MSN / HotMail / Outlook.com email addresses. Unfortunately, they have managed to sneak through their spam filters. So, if you are among the recipients of those emails, please do not take any action on your end.

    Upon learning about this situation, we contacted the email hosting provider whose services were used to send the emails on behalf of support@duoservers.com, as well as the hosting company where the phishing domain is hosted. Both companies were fast enough to block the phishers from accessing their services and investigations are now taking place.

    Our administrators, in turn, have taken all necessary measures to prevent our customer service emails from being abused. Since we use those addresses only for internal communication with customers, we seem to have overlooked the need for extra protection against abusive behaviour.

    However, you should not worry about the emails hosted on our servers. Features like Domain Keys and SPF Protection will help you further protect your emails from being ‘stolen’ and used for phishing purposes.

  • #2
    I wonder would someone at RSP may do a short tutorial on how Domain Keys and SPF work and how to enable them, perhaps a nice video

    Comment


    • #3
      Hello.

      Thank you for your message clivejo.

      I am sure that this would be useful to all.

      "DomainKeys Identified Mail (DKIM) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators. A digital signature included with the message can be validated by the recipient using the signer's public key published in the DNS. ( http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail )"

      By default, all Domains Hosted with us - DNS and Mails do have the DomainKeys Identified Mail configured and all sent E-Mails are authorized and signed by the Mail Server.

      "SPF (Sender Policy Framework) Protection is a way to control forged e-mails, allowing the email account owner to specify which mail servers are authorized to send emails from their domain names."

      There is a SPF Manager section in the Hepsia Control Panel: Email >> SPF Manager >> where you can enable the protection.

      How to enable the SPF for your domain? The SPF Protection will give you a way to control which mail servers can send email for your domain name, thus protecting yourself from forged emails being sent from your name.
      To enable the SPF protection for a specific domain name, click on the “Add SPF Protection” button, A new pop-up window will open, from where you have to choose the exact domain name you wish to protect and switch the Status to ON from the drop-down menu next to your domain name.
      Then fill in the required settings for each field as follows:
      1. Hosts: Fill in a list of all the hosts (mail server names), which are authorized to send mail for the chosen domain name , e.g. mail.my-best-domain.com . Separate hosts with space or comma.
      2. IPv4: Type in the IP address of your SMTP mail server (mail.my-best-domain.com). Please have in mind that most of the mail servers have more than one IP address. Separate the IP addresses with space or comma.
      3. IPv6: Leave this field blank as no IPv6 are being used for now.
      4. There are 3 options coming next, but we recommend to use the "Allow my domain name's MX records" one. This means that only the MX records stored for your domain name in the DNS zone will be able to send mail on behalf of your domain name, which is the safest and most secure option.

      Once you are ready, click Apply and allow up to 24 hours for the global records propagation, so that other mailing server can be aware of the changes you have made.

      The above is from the Help tab at the SPF Manager.

      Basically when enabling the SPF the best would be to enable: Allow my domain name's MX records only and also add your website's IP to the IPv4: section.

      By just enabling the SPF you can get your Sender Score (http://www.mail-tester.com/) to 9.5 which is really, really a good result.

      For no-Hepsia Services: the SPF is a simple DNS TXT Record that you should add to the DNS Zone, as for the DKIM you can check this awesome tool: https://www.dnswatch.info/dkim/create-dns-record

      Best Regards,
      Tom.

      Comment


      • #4
        Hi Tom, I have SPF enabled and tested the domain with the tool (Sender Score :9) If I could use DKIM I would be able to achieve 10/10. Can the DKIM be added using the Hepsia CP?

        Comment


        • #5
          Hello.

          The DKIM is a TXT Record that can be added through Hepsia >> My Domains >> DNS Records

          Best Regards,
          Tom.

          Comment

          Working...
          X