Our company suffered a phishing attack yesterday. While we were investigating the attacker and our potential employees who could have been phishing, we ended up with the database of phishing user attackers.
This database includes emails and passwords from users (~ 40) from multiple companies (~ 10) who appear to be sharing the same phishing attack as us. In addition, it seems that the goal is high profile.
So far, this is what we have been achieving:
- Contact selected companies and list phishing users
- Contact the websites where the phishing attack is occurring (it is happening on several pirated websites, making it difficult to stop it)
However, we are not sure that this is the best way to deal with the following situation, this is the reason:
More and more users enter their credentials and this is not our role to protect users of other companies and we would like to stop wasting time with this (most companies follow our email or call us to request more details).
We are concerned that some companies (target companies that are in the same industry as us) do not understand us well and we believe that we are somehow associated with that phishing attack because we are one of their competitors
We are making security for our competitors (so we are spending money for them)
One solution could be to publish a blog post, but it also has drawbacks, such as being seen as a toxic player because we would be pointing our finger at the safety of our competitors. Another solution would be not to contact these companies and let them commit.
What would be the best way to react to this phishing attack?