Gone Phishing

I’ve been getting some phishing emails on my “work” email. I contract with this company, so I can count on my hands how many people email me, so it goes without saying that I don’t get much in the way of email. So for some list to contain my email is suspect.

So what do I do? I dig into the email source. Because I’m curious.

It gets past through Microsoft-owned servers, the company I contract with uses Office Microsoft 365. Then I see it goes through SendGrid. That makes me think that I have a way to stop it from happening by removing their access to phish others. Then I see the origin. They’re spoofing a legit website, DocuSign, so they made their origin docusign.something.com.

Off I run to do a WHOIS search for the root domain (something.com, which isn’t actually the site). They didn’t bother to hide their information, so I go and look them up. It’s an IT security company, of sorts; they provide education and training to make sure employees aren’t sharing information that could be sensitive. A vertical that I never really thought of.

So I call them out on Twitter.

It turns out that I’m the only one that has ever reached out to them on social media.

There are ways of getting those people or organizations who are phishing you: dig into the email source and find out where it comes from. Chances are you can find where they are sending their emails from and send an email to the abuse email of the provider (changes are it’s abuse@domain.com). If you don’t know what phishing is, there are plenty of resources out there. If you’re a company that’s worried about your employees falling for phishing schemes or your business has been mandated to make sure that doesn’t happen, check out Beauceron Security. Tell them Matt sent you.