
Ask HN: How do you protect your customers from phishing scams? - slice_of_life
We are a small web dev outfit and handle the IT for many small businesses in our locale. Sometimes our customers will be in the middle of transaction deliberations with suppliers from China and somehow scammers get wind of these conversations. When it comes to the time of funds transfer and invoices are being emailed back and forth, somehow a scammer will get involved by simply changing a small part of the email address belonging to the supplier, e.g. by adding an extra letter to the email address.

1) How do these scammers get such intimate knowledge of the transaction details? Is it an internal initiative from the supplier's company or is it likely to emanate from our client's organization?

2) Clients are using cPanel and Horde to do their email operations. How did the scammer manage to add one of their email addresses as the main from contact in our client's address book? Such that when replying to an email, the from address is no longer the client's email but one of the scammer's email addresses.
======
JPLeRouzic
I do not have any knowledge about cPanel or Horde, and my experience with Web
is very rusty, but this post is 2 days old, so here are my two cents:

As far as I know there are different kinds of hosting; in some cases, the HTTP
server is shared between customers' instances. cPanel makes it possible to
examine the server logs, doesn't it? So in the case of a shared HTTP server, it
might be possible to learn a lot about other hosted customers, by looking at
the server logs...

~~~
slice_of_life
Thanks for your response. I was looking at the email headers from the source
and there was some sort of IP masking applied so I couldn't get the location
of the sender. It resolved to a private IP. I will definitely be examining the
server logs.
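
As an added example (not code from anyone in this thread): a check that a mail filter or helpdesk script could run on incoming messages to flag the lookalike supplier addresses described in the original post, where the From or Reply-To differs from a verified contact by a letter or two. The contact list, the sample message and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed allow-list: addresses the client has verified out of band.
KNOWN_CONTACTS = {"sales@example-supplier.test", "accounts@example-supplier.test"}

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_message(raw, known=KNOWN_CONTACTS, max_distance=2):
    """Return (header, address, imitated contact, distance) for near-miss senders."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.lower()
            if not addr or addr in known:
                continue  # exact match to a verified contact is fine
            for good in sorted(known):
                d = edit_distance(addr, good)
                if d <= max_distance:
                    findings.append((header, addr, good, d))
    return findings

# Constructed sample: From is genuine, Reply-To carries one extra letter.
SAMPLE = """\
From: Supplier Sales <sales@example-supplier.test>
Reply-To: Supplier Sales <sales@example-suppplier.test>
To: buyer@example-client.test
Subject: Revised invoice

Please use the updated bank details.
"""

if __name__ == "__main__":
    for header, addr, good, d in check_message(SAMPLE):
        print(f"{header}: {addr} is {d} edit(s) from known contact {good}")
```

Checking Reply-To as well as From matters here because a reply goes to the Reply-To address even when the visible From is the genuine one.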

