Hi Benoît, We routinely report abusive emails to AWS that our email hosting customers receive (although not in the past three weeks...) and have consistently received helpful responses at the outset in all but one case. We are a US company.
As we are an AWS customer ourselves, we typically open a new cases via a web form. But, you can also send an email to trustandsaf...@support.aws.com to open a case when the form doesn't "fit" the abuse and allow us to share all of the relevant facts. In the one case where we got off to a bad start, we just mentioned that our assets on AWS our attorney advised us comprised a "protected computer" system as defined by 18 USC § 1030(e)(2), and that AWS failing to take action (their initial response, similar to what you reported) could have AWS named as an accessory to a crime our attorney planned to report to the authorities. We then very quickly got a more helpful response, from a different agent at AWS. Hope that helps, Mark -- _________________________________________________________________ L. Mark Stone, Founder North America's Leading Zimbra VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs Winner of the Zimbra Americas VAR Partner of the Year 2024 Award ----- Original Message ----- | From: "Benoit Panizzon via mailop" <mailop@mailop.org> | To: "mailop" <mailop@mailop.org> | Sent: Monday, April 7, 2025 6:15:30 AM | Subject: [mailop] Amazon AWS a save haven for phisher? | Hi | | Maybe anyone from AWS is on this list who could explain the reaction of | AWS to phishing incidents? | | Two weeks ago, our customer started to receive phishing emails asking | them to enter their email credentials on a website that copied our | webmail login, company name and contact details, hosted @ AWS. | | We opened a case with the AWS abuse desk and asked them to please | disable the phishing site. | | Thankfully, there was a footer line hinting tho the tool used to | create the site and thus to the AWS reseller hosting that site. I | also contacted that reseller. He acted quickly, the phishing site was | gone within a couple of hours. Kudos! | | But the (very later) reply from the AWS abuse team was very | disconcerting! | | It was explaining, that AWS has no access nor is responsible | for the content hosted by their customer and asked us to contact their | customer directly to address the issue. | | I notified AWS that in this case we managed to contact their customer, | but usually this is not the case when faced with phishing email | displaying our own company name, logo and contact details. I asked if | they could publish the abuse contact to their reseller in the | corresponding IP registry in case they assigned the IP range in | question to some other company. | | I got the same reply again telling me, AWS is not responsible for | content published by customers on their platform. | | What went wrong? Or how can phishing be addressed with AWS? Or has AWS | now become a safe haven for phisher? | | Mit freundlichen Grüssen | | -Benoît Panizzon- | -- | I m p r o W a r e A G - Leiter Commerce Kunden | ______________________________________________________ | | Zurlindenstrasse 29 Tel +41 61 826 93 00 | CH-4133 Pratteln Fax +41 61 826 93 01 | Schweiz Web http://www.imp.ch | ______________________________________________________ | _______________________________________________ | mailop mailing list | mailop@mailop.org | https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
