My compromise report shows fake accounts such as info, spam for my domain

QUESTION

We are getting compromise reports for the following addresses on almost every single customer/domain.

Observed user names in email addresses are as follows:

  1. info@domainname.com
  2. admin@domainname.com
  3. contact@domainname.com
  4. sales@domainname.com
  5. spam@domainname.com 

ANSWER

This pattern indicates that a rogue actor is interested in gaining unauthorized access to user accounts. They build a list of account names and passwords and try them against a service on the domain. Whether or not the account exists, and whether or not the password is correct, the attempts indicate that someone is specifically interested in exploiting the domain(s).
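One way to triage such a report, shown as an added example that is not part of the original article: it separates reported addresses that match a real mailbox from those that do not, and lists the user names that recur across several domains. The addresses, the mailbox inventory and the `min_domains` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data, not taken from a real compromise report.
REPORTED = [
    "info@example.com", "admin@example.com", "spam@example.com",
    "info@example.org", "admin@example.org", "sales@example.org",
    "info@example.net", "contact@example.net", "j.doe@example.net",
]
# Constructed inventory of mailboxes that really exist, per domain.
EXISTING = {
    "example.com": {"info", "alice"},
    "example.org": {"sales", "bob"},
    "example.net": {"j.doe"},
}

def triage(reported, existing, min_domains=2):
    """Classify reported addresses for review.

    min_domains is a hypothetical threshold: a user name reported on at
    least that many domains is treated as coming from a generic name list.
    """
    domains_by_local = defaultdict(set)
    real, nonexistent = [], []
    for addr in reported:
        local, sep, domain = addr.strip().lower().rpartition("@")
        if not (local and sep and domain):
            continue  # skip malformed entries
        domains_by_local[local].add(domain)
        # Existing mailboxes deserve a closer look; the rest are guesses.
        if local in existing.get(domain, set()):
            real.append(f"{local}@{domain}")
        else:
            nonexistent.append(f"{local}@{domain}")
    wordlist = sorted(
        name for name, doms in domains_by_local.items()
        if len(doms) >= min_domains
    )
    return {
        "wordlist_locals": wordlist,
        "real_mailboxes": sorted(real),
        "nonexistent": sorted(nonexistent),
    }

if __name__ == "__main__":
    for key, values in triage(REPORTED, EXISTING).items():
        print(f"{key}: {values}")
```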
 

REFERENCE

Password Spraying (Low and Spray)

Credential stuffing

 
