#Phishing attacks are prevalent and most of them are quite easy to spot. For example as a client of #Hetzner hosting service I frequently get emails claiming that my domain(s) are about to expire with links to random sites that try to steal the Hetzner login credentials. These attacks are dumb, and easy to tackle.

Today I received a bit more refined and sneakier one: The attacker is using a legitimate helpdesk platform as a staging area. The attackers have created an account on #Freshdesk, and then invite Hetzner users to the platform in name of Hetzner Support. This is quite devious as the email originates from Freshdesk, and thus looks quite legitimate. Presumably if you register an account, you will be then targeted with further attacks (which will be much easier once you’ve accepted the premise of them actually being the Hetzner Support).

I can see some people easily falling for this one. I’ve now reported the malicious account to Freshdesk.

The irony? I got yet another registration email after reporting the issue to them. But this time it appears to be from a legitimate source. I think.

@harrysintonen For uneducated person on these attacks like me, the best protection has been to stick to text based email clients :-) Haven’t had an issue to separate a phishing email from legit when I read all my email previously with mutt and these days with aerc.

I would have no chance to survive from these or notice them if I used Outlook/Thunderbird or similar :-)

#Freshdesk support totally dropped the ball and instead of nuking the phishing account found it appropriate the approach the attacker about my difficulty activating my account. 🤦‍♂️​

"Let us know if you require any further clarifications on the same."

I did contact #Freshdesk again and explained the situation in extremely clear terms. I made it abundantly clear that this is not a normal situation and that their systems are being #abused for #fraud. I also asked them to forward the message to any security or operations team, too.

I got back the identical standard response and they contacted the fraudsters again with my contact details to try "help me". It seems they just don't care.