We are aware of phishing attempts using Greenbone email addresses as sender towards email addresses that were found to be in relationship with Greenbone. Subjects like ‘Payment due’ are used in combination with a Greenbone sender Email address to make the recipient click on special Web-Links or reply to a compromised email account.
This is a common phishing practice and is mostly automated by criminals. Likely you have seen already many of such emails.
We have a couple of mechanisms in our security architecture to identify and handle such attempts:
Sender Policy Framework (SPF): We are supporting SPF via our DNS records. However, your email service needs to support it as well. If it does, the phishing attempts will be indicated with ‘SPF= fail’.
It is likely that the phishing emails are sent to deepen knowledge about potential targets for further attacks.
Important to note:
This is mostly about OSINT information. There was no need to hack internal systems within Greenbone to collect/harvest email addresses. The information were found in the public. Related to this we haven’t seen any attack to Greenbone’s internal systems, which we continuously monitor.
If you see such emails, best is to delete them right away. If in doubt, you can forward the email as an attachment to our Security Response Team.