Mailscanner warning "Mailscanner has detected a possible fraud attempt from XXX claiming to be YYY"

In today's world, internet abuse has many forms and occurs more often than a few years ago.
Phishing is a type of abuse that gets more and more media attention, and rightfully so, because it is a real threat to anyone's business, and to anyone's personal data.

In an attempt to warn our customers when there is a possible fraud attempt, we are running MailScanner on all incoming email.
One of the features of MailScanner is that it scans the incoming mail for possible fraud attempts.

That's why you can sometimes see warnings in the contents of your email like:

Mailscanner has detected a possible fraud attempt from domainX.com claiming to be domainY.com

In this article, we would like to explain why this happens, and what you should know about this.

What is phishing?

Phishing is the act of trying to fish for passwords of user accounts for websites the abuser wants to get access to. Imagine a hacker knows your password for your email or Facebook account, for instance; he'll soon have access to your personal data, which will be freely available to him for further abuse.
A very common phishing attempt is sending you an email inviting you to log in to a website that looks like the one you're used to (for instance, Facebook), but is in fact an entirely different website, hosted by the hacker, who can harvest your credentials as soon as you log in on his website.
In order to achieve this goal, the hacker needs you to go to his website instead of the one you trust. A very common practice is sending you an email that looks like this:

We invite you to login to your facebook.com account.

Now - if you look at that email, you'll think that this is a legitimate request, because it links to facebook.com, right? Well - click it, and you'll notice that it links to the Google website instead.
Imagine that the linked website hosts a page that looks just like Facebook - you'll trust it and log in with your Facebook credentials, while in fact you are on the hacker's website.
Before you can blink your eyes, you'll have shared your personal Facebook login information with the hacker.

How can you prevent phishing abuse?
When you click a link, ALWAYS check that the address in the address bar of your browser is what you expect; if you want to log in to Facebook, make sure the address in the address bar of your browser does in fact show facebook.com, and not - for instance - http://facebook.hackingwebsite.com. Also, it is good practice to only log in to SSL-secured websites.

What does MailScanner do to help me?
MailScanner checks the content of your incoming mail and compares the advertised website with the actually linked one. If there is a difference, it adds a warning to your email informing you that it might be a fraud attempt, and that you should be extra cautious.
MailScanner does not change anything else in your email, and you can still click your links; it merely adds a warning so you are well aware that there IS a difference that was detected, and that you should be careful.

Does this mean the email is in fact malicious?
Definitely not. Many commercial mailing tools, for instance, always have their links pass through their own system so they can track that you clicked the link in the email before they redirect you to the site you want to visit. Since MailScanner cannot actually know whether an email is malicious or not, it adds the warning as soon as it detects a difference between the advertised and the actual link.
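
The comparison described above, and the reason a tracking link triggers it just like a phishing link, shown as an added Python sketch. This is not MailScanner's own code: the exact-host comparison that ignores a leading "www." is an assumption made for the sketch, and the sample message is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostname-looking token inside the visible link text, e.g. "facebook.com"
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def strip_www(host):
    return host[4:] if host.startswith("www.") else host

def find_mismatches(html):
    """Return (actual_host, advertised_host) where the link text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        actual = (urlsplit(href).hostname or "").lower()
        shown = HOST_RE.search(text)
        if not actual or not shown:
            continue  # text advertises no website, or href is not a web link
        advertised = shown.group(1).lower()
        if strip_www(actual) != strip_www(advertised):  # assumed matching rule
            hits.append((actual, advertised))
    return hits

# Constructed sample body: phishing-style link, tracking redirect, honest link
SAMPLE = """
<p>We invite you to login to your <a href="http://www.google.com/">facebook.com</a> account.</p>
<p>Read more on <a href="https://click.mailer.example/r?u=123">shop.example</a>.</p>
<p>Visit <a href="https://www.facebook.com/login">www.facebook.com</a>.</p>
"""

if __name__ == "__main__":
    for actual, advertised in find_mismatches(SAMPLE):
        print(f"possible fraud attempt from {actual} claiming to be {advertised}")
```

The first two links are both reported, although only the first imitates a login page; the check sees a difference, not intent.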

If you send out mails through our services, or any other service, and notice these warnings, this does not mean that all your correspondents will receive these warnings; MailScanner runs on incoming email and does not alter any outgoing email. If correspondents you send email to receive the same warnings, it means that they are running MailScanner at their end as well, and that they should be aware that they do.

What if I do not want these warnings?
In cPanel, you can disable MailScanner for your account; we strongly advise you to keep this option activated, and to educate your users on what this means. Send them a link to this article, for instance.

