
I'm a one-man company and I'm getting a lot of phishing emails very similar to the emails from companies I use.

Some of these companies and the emails we exchange are very unique. How would these malicious senders 'learn' the type of emails and content I send?

Since the increase in phishing emails I've also noticed I'm receiving very few genuine emails from the businesses I used to deal with and as such business has slowed down.

My website is on shared hosting. I use webmail (Roundcube) to send and receive emails. I've also set up an IMAP email account for my webmail account on my Android phone (Samsung) - is there any security I need to implement on that? The IMAP security type setting for both incoming and outgoing server is set to SSL (accept all certificates) over port 465?

Could they be sniffing out content? If so, what are the recommended steps to prevent and to secure a compromised website/email?

adam78
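The "SSL (accept all certificates)" setting mentioned in the question is worth seeing in code. The following is an added example, not something from the question or the answer: it builds the two TLS contexts a Python IMAP client could use, the verifying default and an "accept all certificates" one, and a login helper that only uses the verifying one. The host, user and password are placeholders, not values from the page, and the port used is 993, the conventional IMAP-over-TLS port (465 is SMTP submission over TLS).

```python
"""Added example (not from the original question or answer): the TLS context
behind a verifying IMAP connection versus an 'accept all certificates' one.
Host, user and password below are placeholders, not values from the page."""
import imaplib
import ssl

IMAPS_PORT = 993  # conventional IMAP-over-TLS port (465 is SMTP submission over TLS)


def verifying_context() -> ssl.SSLContext:
    # Default context: validates the server certificate chain against the
    # system trust store and checks that the name matches the host we dialled.
    return ssl.create_default_context()


def accept_all_context() -> ssl.SSLContext:
    # What an "accept all certificates" setting amounts to: any certificate,
    # including one presented by a device sitting on the path, is accepted,
    # so the password sent at login is readable by whoever terminates the TLS.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    # Summarise the two properties that decide whether the connection is
    # actually protected against an interposed server.
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
    }


def imap_login(host: str, user: str, password: str,
               port: int = IMAPS_PORT) -> imaplib.IMAP4_SSL:
    # Placeholder host/user/password. With the verifying context this raises
    # ssl.SSLCertVerificationError instead of sending the password if the
    # server's certificate does not validate for `host`.
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=verifying_context())
    conn.login(user, password)
    return conn


if __name__ == "__main__":
    print("verifying:", describe(verifying_context()))
    print("accept all:", describe(accept_all_context()))
    # imap_login("mail.example.invalid", "user@example.invalid", "placeholder")
```

The practical check on a phone or desktop client is the same: if the client offers an option to skip certificate validation, leave it off, and if the server's certificate then fails to validate, that is the problem to fix on the hosting side rather than something to click through.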

1 Answer


It is highly unlikely that a malicious actor is sniffing email servers around the world to figure out how to craft phishing emails.

What is more likely, is:

  1. your email accounts have been compromised
  2. these companies have been breached, and the malicious actor is simply reading the emails and address book of the compromised accounts
  3. it's not targeted at all and that the malicious actors know the kinds of emails the companies' customers expect and just copy the style

Without specific details, I can't get more definite than that.

As a customer, there is no defence for the last two. The problem rests on the other company's side. You can help by reporting these phishing emails to the companies so they can follow up on their end.

For the first one, the defence is pure account security practices:

  • choose strong, long passwords (hopefully randomly generated and managed by a password manager)
  • enable 2FA on as many accounts as you can

If you are already compromised, then you should immediately change all passwords.

schroeder
  • the relationship with these companies is a business to business one and it seems to be phishing emails from every business I deal with so the likelihood of all of them having been breached seems unlikely. Could the breach be on my side and how would I identify/investigate and rectify? Any advice tips appreciated. I've also noticed I'm receiving very few genuine emails from the businesses I used to deal with and as such business has slowed down? – adam78 Aug 01 '19 at 10:29
  • If the breach is on your side, then you need to reset ***ALL*** your passwords (start with all email accounts) and look at enabling 2FA to prevent the problem from happening again. – schroeder Aug 01 '19 at 10:35
  • the website is on a shared hosting so do I include all cPanel passwords etc. I use webmail using Roundcube which I don't think has 2FA. I've also set up an IMAP email account to the webmail account on my phone - is there any security I need to implement with that. The security type setting for both incoming and outgoing server is set to SSL (accept all certificates)? – adam78 Aug 01 '19 at 10:50
  • This is now getting way beyond the scope of the question. Without knowing what has been compromised, I'd change everything. IMAP is convenient, but lacks a lot of security controls. In fact, if your passwords are weak, the initial compromise might have been from IMAP. I'd consider posting a new question with all these details and ask about how to secure your set up from compromise. – schroeder Aug 01 '19 at 10:56
  • the IMAP SSL port is 465 – adam78 Aug 01 '19 at 11:03
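The answer's second recommendation is 2FA. As an added example that is not part of the answer or the comments, the block below shows what a TOTP second factor (RFC 6238, the scheme used by authenticator apps) actually is: an HMAC over a time-step counter, truncated to a short code, verified with a small skew window and a constant-time comparison. The secret used is the published RFC 4226/6238 test key, not a real credential; `new_secret` shows how a fresh one would be generated for enrolment.

```python
"""Added example, not from the original answer: derivation and verification of
a TOTP second factor (RFC 6238) on top of HOTP (RFC 4226). TEST_SECRET is the
RFC test-vector key, used here for illustration only."""
import base64
import hashlib
import hmac
import secrets
import struct
import time

TEST_SECRET = b"12345678901234567890"  # RFC 4226/6238 test key, not a real secret


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    # RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then "dynamic
    # truncation": the low nibble of the last byte picks a 4-byte window.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238: HOTP with the counter set to floor(unix_time / step).
    return hotp(key, at // step, digits)


def verify_totp(key: bytes, candidate: str, at: int,
                window: int = 1, step: int = 30) -> bool:
    # Accept the current step plus `window` steps either side so a phone whose
    # clock drifts slightly still works; compare in constant time so response
    # timing does not reveal how many leading digits were right.
    counter = at // step
    return any(
        hmac.compare_digest(hotp(key, counter + delta), candidate)
        for delta in range(-window, window + 1)
    )


def new_secret(nbytes: int = 20) -> str:
    # Fresh random enrolment secret, base32-encoded as authenticator apps expect.
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


if __name__ == "__main__":
    now = int(time.time())
    code = totp(TEST_SECRET, now)
    print("current code:", code, "valid:", verify_totp(TEST_SECRET, code, now))
    print("example enrolment secret:", new_secret())
```

The point for the situation in the question: a password found in a breach or captured from an unverified connection is not enough on its own once the account also demands a code derived from a secret that never leaves the phone. Codes are only good for one 30-second step (plus the skew window), so replaying an old one fails.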