How To Distinguish Emails Between Real Zix Message Center And Phishing?

571    Asked by Amitraj in SQL Server , Asked on Nov 17, 2022

This morning I got a call from a user in a remote office who has received an email that purports to contain a "zix secure email" message. It directs him to this page http://zixmessagecenter.com/s/e which has a place for him to enter his google mail account and password in order to decrypt the email.I was surprised. 


So i decided to do some research (here, among other places) and it seems that zix is a legit company providing secure email, but I have no way to distinguish between what are their real sites and what is phishing. And "zixmessagecenter.com" certainly isn't "zixcorp.com" so I'm not sure that this is really their website or some rogue domain that has the artwork of some legit zix pages downloaded and put into their page.


Also, some offhand remarks and links to some stuff from 2014 suggest that at some point google was integrating zix into google mail, so should he have simply seen a legit zix message in cleartext in his google mail?

So how do I tell if this is zix message center or phishing?

Answered by Ajit yadav

Regarding how to figure out if the mails are real from the zixmessagecenter - These days it's simple to create a phake email claiming to be from zixcorp with buried links to third party websites that have malware payloads waiting to be accessed and deployed. It's stunning to me that there are companies still using a supposedly secure message system that can be so easily compromised.

But I'm sad to report that it is. My own bank is apparently sending out secure communications via ZixCorp in the form of a crude form letter with links that the user apparently has to click in order to receive the "secure message" from their bank. Amazingly these emails don't even have a digital signature! So, anyone who wants to get access to a huge treasure trove of usernames and passwords just has to craft a form letter email that claims to have secure messages for the reader with a bit fat button that ostensibly claims to be a link to zixcorp and spam it out to the world. There ya go, job done. Tsk tsk tsk and shame on any financial institution relying on such a flimsy service.



Your Answer

Interviews

Parent Categories