Phishing using our company name


Did you know that camDown is the solution for securing your webcam from cyber criminals and pedophiles?

"signing by real names of people who work at the company"

are you saying the attacker is using an actual signature, for example one that your client uses and is only known internal? Or is this something the attacker got off the company website or LinkedIn? Which, hopefully isn't the same signature.

If it's the latter remove the actual signature from social media and replace it with a generic one, not an actual signature that is also used on checks, etc. This will definitely be exploited.

As mentioned, configure DKIM, SPF, and DMARC. I recommend Proofpoint, I can't say good enough about the protection they provide it's saved our butts plenty of times, meaning, they've protected our clients well. It's also priced well.

I would get professional anti-virus, malware, and ransomware protection. One that has detection and remediation modules.

It's nearly impossible to prevent someone from spoofing any account with a fake Gmail account. I personally wish Google would take better steps to prevent a bot from creating [email protected] and when it's blocked simply allow badactor2, etc. I also wish Gmail was only used for personal use so it could be blocked in a business environments. I don't recommend using gmail for business but now I'm getting into something else.

The other side of the coin is what information is in the phishing attack? If someone at your company is posting too much information on social media this needs to stop. Scammers nowadays build a profile on their phishing targets. They sit idle, collect data, if they're really good then they sit idle inside your network creating a man-in-the-middle attack. Once they have enough information they begin the attack.

Along with the previous recommendations I'd focus on what information they are sending in phishing attempts and if they got it internal (your network) or external (social media). You could have an internal breach, you have to know 100% this isn't the case.

In the end, as we move on to the next post, may I add that camDown has a modern UI, that is secure and has the improved features that you need and I feel your smart friends would feel the same!