开云体育

On Thu, Apr 16, 2020 at 12:30 PM, James Morgenstern wrote:

we are new group ... maybe 7 days old.? 12 members.

?

we all just received an email from one of our members [whose normal email is @aol.com]? that was a phishing attack disguised as a link from DropBox.? I looked at the email header and it seems to me that this was indeed sent from groups.io server.

James -- There is no reliable way for groups.io to distinguish between a phishing email sent from a hacked account and one intentionally sent by the person who owns it. Although the service does scan attachments for viruses and malware, there is no such protection against bad hyperlinks.?

what do we do to safeguard against this?

?

does this mean that his aol password has been compromised?

Probably.

or was the triggering email sent from a hacker account and disguised as aol ?

?

would greatly appreciate any help to resolve this.

Initially, I'd put this member on moderation until I'm satisfied that he's regained control of his own email account. Options available are in the Posting Privileges block of his subscription record in the Member List.

If he can't regain control then you'll have to boot him off the group. Once he gets a new email address you can then consider letting him back in.

If it becomes a problem with more than one member then you may have to consider forcing all message delivery to plain text only (see Message Formatting in your group Settings). Most of those who engage in phishing do not spell out the entire link URL but instead hide what's really going on behind the html.

Hope this helps,
Bruce

---

Check out the new groups.io Help Center?and?groups.io Owners Manual