Our company suffered a phishing attack yesterday. By investigating the attacker and our potential employees who could have been phishing, we ended up with the database of phishing user attacks.
This database includes e-mail and passwords (~ 40) from several companies (~ 10) that seem to share the same phishing attack as us. In addition, it seems that the target is very visible.
Until here, here is what we accomplished:
- Contact targeted businesses and list phishing users
- Contact websites that are susceptible to phishing attacks (it happens on several hacked websites, so it's hard to stop it)
However, we are not sure that this is the best way to handle the following situation, here's why:
More and more users are still capturing their identity information and it's not our job to secure users from other businesses and we'd like to stop wasting time on this (most companies are tracking our email or call us for more details).
We are concerned that some companies (targeted companies in the same industry as us) do not understand us well and think we are somehow associated with this phishing attack because we are one of their competitors.
We ensure the safety of our competitors (so we spend money on them)
One solution might be to publish a blog post, but it also has drawbacks, such as being considered a toxic player, because we would be pointing out the safety of our competitors. Another solution would be to not contact these companies and let them compromise.
What would be the best way to react to this phishing attack?