What's the difference between zix message center and phishing?

357    Asked by AndreaBailey in SQL Server , Asked on Jan 17, 2022

 I received an email that purports to contain a "zix secure email" message. It directed me to a page http://zixmessagecenter.com/s/e where I can add my email & password.


I did some research and it seems that zix is a legit company providing secure email, but I have no way to distinguish between what their real sites are and what is phishing. And "zixmessagecenter.com" certainly isn't "zixcorp.com" so I'm not sure that this is really their web site, or some rogue domain that has the artwork of some legit zix pages downloaded and put into their page. So how do I tell if this is phishing or not?

Answered by Andrea Bailey

These days it's simple to create a fake email claiming to be from the zix message center with buried links to third party websites that have malware payloads waiting to be accessed and deployed. It's stunning to me that there are companies still using a supposedly secure message system that can be so easily compromised.


But I'm sad to report that it is. My own bank is apparently sending out secure communications via ZixCorp in the form of a crude form letter with links that the user apparently has to click in order to receive the "secure message" from their bank. Amazingly these emails don't even have a digital signature!

So, anyone who wants to get access to a huge treasure trove of usernames and passwords just has to craft a form letter email that claims to have secure messages for the reader with a bit fat button that ostensibly claims to be a link to zixcorp and spam it out to the world. There ya go, job done. Tsk tsk tsk and shame on any financial institution relying on such a flimsy service.



Your Answer

Interviews

Parent Categories