back to article Cloudy biz Datrix locks down phishing attack in 15 mins after fat thumb triggers email badness

Cloud-'n'-comms biz Datrix has suffered a phishing attack that resulted in some customers' contact details being compromised – though the company reckons it contained the attack within 15 minutes. The London-based firm sent an email to its customers earlier this week, seen by El Reg, confirming it had been "the target of a …

  1. Wellyboot Silver badge

    a compromised supplier of Datrix's

    Once a known contact gets compromised you're going to be in the firing line and security tools can only go so far.

    Nice to see that the boss here has a realistic outlook on the problem.

  2. DavCrav Silver badge

    "Datrix told its customers in a fresh email alerting them to the incident. Company reps also phoned all of those who had been emailed by the phishers to ensure the warning got through, Wirszycz told us."

    This is how a breach should be dealt with. Yes, you shouldn't click on links in e-mails, but it will occasionally happen. The point is, when it does, to be ready and swing into action immediately. Afterwards, you need to assess the damage quickly, alert everyone compromised, and be up-front about what happened. The extra phone call is just another layer of security.

    Most other companies could learn from this response.

  3. Anonymous Coward
    Anonymous Coward

    Domain names are case insensitive?

    “Those emails, sent to tempt finance bods into paying fake invoices, linked to a fake domain: datrlx.co.uk (with a lowercase L) (instead of datrix.co.uk)”.

    I don't understand, I though domaiN nAmes were case insensitive?

    1. Jimmy2Cows Silver badge

      Re: Domain names are case insensitive?

      Nothing to do with case sensitivity. The lowercase L can be easily misread as an i. The fake domain name was intended to look, at a cursory glance, like the legit domain name.

      1. Pascal Monett Silver badge

        I did a double-take on that as well, and had to look twice to spot the subterfuge.

        Taught me a lesson today : pay double attention when URLs contain "i" or "l".

    2. EnviableOne Silver badge

      Re: Domain names are case insensitive?

      All about the homo-glyphs

      enviable

      is very difrent from enviable

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: Domain names are case insensitive?

        enviable is very difrent from enviable

        Oddly enough, Chrome views them as the same when I search for them on the page while other applications do not. That looks like a bad implementation to me and makes me wonder if it is open to abuse. Unicode strikes again!

  4. Jimmy2Cows Silver badge
    Facepalm

    after fat thumb triggers email badness

    For some reason I misread that as email baldness, which was a bit confusing.

  5. GnuTzu Silver badge
    Facepalm

    Mobile Phone Touch Screens

    Yeah, I get ticked at phone apps. Too often what I intended to be scrolling was taken as a single click. There's a serious design problem here. And, even for those that never run into this problem, email links should still never, ever just take off on a single click.

  6. razorfishsl

    So why are they not scanning incoming emails from suppliers?

    1. gcamdatrix

      We had several layers of security which unfortunately failed to detect the malicious link.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019