Ask HN: How do you protect your customers from phishing scams?

1 points by slice_of_life ↗ HN
We are a small web dev outfit and handle the IT for many small businesses in our locale. Sometimes our customers will be in the middle of transaction deliberations with suppliers from China somehow scammers get wind of these conversations. When it comes to the time of funds transfer and invoices are being emailed back and forth, somehow a scammer will get involved by simply changing a small part of the email address belonging to the supplier e.g. by adding an extra letter to the email address.

1) How do these scammers get such intimate knowledge of the transactions details? Is it an internal initiative from the supplier's company or is it likely to emanate from our client's organization?

2) Clients are using cpanel and horde to do their email operations. How did the scammer manage to add one of their email addresses as the main from contact in our clients address book? Such that when replying to and email, the from address is no longer the client's email but one of the scammers email addresses.

2 comments

[ 185 ms ] story [ 684 ms ] thread
I do not have any knowledge about cPanel or horde, and my experience with Web is very rusty, but this post is 2 days old, so here are my two cents:

As far I know there are different kind of hosting, in some cases, the HTTP server is shared between customers instances. cPanel makes it possible to examine the server logs, isn't? So in the case of a shared HTTP server, it might be possible to learn a lot about other hosted customers, by looking at the server logs...

Thanks for your response. I was looking at the email headers from the source and there was some sort of ip masking applied so I couldn't get the location of the sender. It resolved to a private IP. I will definitely be examining the server logs.