The browsers have some capability to detect the phishing pages, but they are not able to detect all. Why is that?
Phishing still remains one of the most convenient ways of hacking. Why is it not possible for browsers to detect all phishing pages, and not only the obvious ones?
I’ve added a paste bin below with the file (it had lots of white space which I’ve since removed):
It seems to be using something called HTML Guardian on parts to obfuscate it.
Any help would be appreciated to discover if it really is dangerous or not.
Was multitasking and mindlessly clicked a Squarespace phishing email. Page didn’t load, and right away I realized my mistake. Completed several malware scans which came back clean. The button link source was “https://sqwe7.com/”. The domain was registered on Aug 8, I got the email Aug 9, but didn’t click till Aug 11. The domain is no longer active. Did my getting to the email late save my ass? I searched but can’t find any other history on the domain other than it being tagged as phishing Aug 9. Couldn’t find any other links when inspecting the source of the link, unless I am missing something which is very possible.
Thanks in advance for any advice.
Recently we have encountered 2 instances of mass phishing attempts from 2 accounts using SendGrid although the SPF is published as hard fail for both without SendGrid records and only for the mail servers authorized to send.
To elaborate on the details, we encountered this during the investigation of multiple email incidents, let’s take two domains abc.com and def.com – abc.com is on O365 while def.com is on premises (Exchange 2016). Unfortunately through phishing attacks the malicious attackers were able to compromise 1 account each from both domains and then used this to register on SendGrid (email header analysis shows SendGrid servers sending out emails), using this they were able to send out mass phishing emails from SendGrid to external users and Gmail, Yahoo and other corporate domains etc. although SPF records published as hardfail only specified O365 and on premises Exchange IPs for the domains respectively.
Quite surprised as to how these emails were able to make it to the inbox of the recipients although there is no SPF, DKIM etc. set authorizing SendGrid. There is only an SPF record configured as mentioned earlier for either O365 or on-premises which is weird since it’s for both O365 cloud based and on-premises services, ruling out any cloud to cloud integrations etc. between O365 and SendGrid. There seems to be an increase in these types of attacks lately where a compromised account is used to create an account and have it verified on SendGrid and then used for mass mailer (phishing) activities from those domains.
I was wondering if someone could shed some light on this as there is no DKIM for signing the domains, there is no SPF authorizing SendGrid and is set to -all (hardfail) but yet with the compromised accounts they are able to send out phishing emails through SendGrid by simply registering with them using the compromised accounts. We tested this out on a lab scenario and were able to replicate this on O365 and on-premises by sending emails to Gmail etc. which were received in the inbox by registering with SendGrid and with no DNS records authenticating or authorizing SendGrid to send on behalf of the domains.
The hosting (DDOS Protection) company https://ddos-guard.net/ is hosting the site <<snipped>> which is phishing hub and ch… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1767314&goto=newpost
We are running a simulated phishing campaign and one of the landing pages has been blacklisted by Google. If you try to visit it in Chrome you get the big, red warning page “Deceptive site ahead” (works OK in other browsers).
I assume one of our users reported it, thinking it was a real phishing page (kudos for that!) but now we have the problem that other users who are clicking the links in the emails we send are seeing the warning and not continuing, so we are not collecting data on them, or testing to see if they would go further and enter their credentials. Most importantly, we are missing the opportunity to train users who need that training!
I followed the “report a detection problem” link last week but the domains are still blacklisted. This is my question:
Is there a way to whitelist our landing pages with Google and the other browser makers, so even though they look like phishing pages, they don’t get blacklisted in the future?
Most hackers keep their links undetected and also up for a long time and send phishing messages.
How is it done? Even Outlook server could not detect them.
I got a suspicious email which looked pretty legit today and wanted to share with the community and maybe people who are more security savvy than me can tell me more about this phishing attempt.
Basically it’s an email from a ‘customer’ who says they have put in the wrong address and add a link to the email to what looks like your own website that looks like:
It contains a link to:
Does anyone know what type of exploit this is and what it does if you click it?
I want to publish some demo code on GitHub that deals with a new type of phishing attack. However, I’ve used a Google-branded sign-in page for the demo. Will this be a problem with copyright or any legal issues?