Ask HN: How do you protect your customers from phishing scams?
We are a small web dev outfit and handle the IT for many small businesses in our locale. Sometimes our customers will be in the middle of transaction deliberations with suppliers from China somehow scammers get wind of these conversations. When it comes to the time of funds transfer and invoices are being emailed back and forth, somehow a scammer will get involved by simply changing a small part of the email address belonging to the supplier e.g. by adding an extra letter to the email address.
1) How do these scammers get such intimate knowledge of the transactions details? Is it an internal initiative from the supplier's company or is it likely to emanate from our client's organization?
2) Clients are using cpanel and horde to do their email operations. How did the scammer manage to add one of their email addresses as the main from contact in our clients address book? Such that when replying to and email, the from address is no longer the client's email but one of the scammers email addresses.
2 comments
[ 185 ms ] story [ 684 ms ] threadAs far I know there are different kind of hosting, in some cases, the HTTP server is shared between customers instances. cPanel makes it possible to examine the server logs, isn't? So in the case of a shared HTTP server, it might be possible to learn a lot about other hosted customers, by looking at the server logs...