X
Tap here to go to the mobile version of the site.

Support Forum

Firefox reports Mozilla Phishing Report page as Potential Security Risk

Posted

I just received a "Password Reset Notification" e-mail that looked very scammy,

I right clicked on the link to select "Report Phishing Scam, but when Firefox was going to open the Mozilla Phishing report page, I got "Warning, potential security risk ahead"

I think there's a problem somewhere...!

I just received a "Password Reset Notification" e-mail that looked very scammy, I right clicked on the link to select "Report Phishing Scam, but when Firefox was going to open the Mozilla Phishing report page, I got "Warning, potential security risk ahead" I think there's a problem somewhere...!
Attached screenshots
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

More Information

Question owner

PS I'm using Thunderbird 60.9.0 32 bit as my mail client

Also, when I clicked on Advanced in Firefox I got:

Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for en-gb.phish-report.mozilla.com. The certificate is only valid for aus2.mozilla.org.

Error code: SSL_ERROR_BAD_CERT_DOMAIN

View Certificate

PS I'm using Thunderbird 60.9.0 32 bit as my mail client Also, when I clicked on Advanced in Firefox I got: Web sites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for en-gb.phish-report.mozilla.com. The certificate is only valid for aus2.mozilla.org. Error code: SSL_ERROR_BAD_CERT_DOMAIN View Certificate

Modified by graham12

Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4256 solutions 59602 answers

The notice you got was a SCAM.

. Whenever you get a message / popup like that;

DO NOT USE ANY OF THE PROVIDED LINKS OR ANY PHONE NUMBERS ! !

Such messages are only Spam that could lead you to Fake Support. Not only can they damage or hack your system, they charge you to do so.

You can report such a site at; Google Report Phishing Page {web link} which is the same when done while on site by going to Help > Report Web Forgery

Help us safeguard Mozilla’s trademarks by reporting misuse {web link}

The notice you got was a SCAM. . '''Whenever you get a message / popup like that;''' <u>'''DO NOT USE ANY OF'''</u> <u>'''THE PROVIDED LINKS'''</u> <u>'''OR ANY PHONE NUMBERS ! !'''</u> Such messages are only '''Spam''' that could lead you to '''Fake Support.''' Not only can they damage or hack your system, they charge you to do so. You can report such a site at; '''[http://www.google.com/safebrowsing/report_phish/ Google Report Phishing Page]''' {web link} which is the same when done while on site by going to '''Help > Report Web Forgery''' '''[http://www.mozilla.org/en-US/legal/fraud-report/ Help us safeguard Mozilla’s trademarks by reporting misuse]''' {web link}
Was this helpful to you? 0
Quote
FredMcD
  • Top 10 Contributor
4256 solutions 59602 answers

When you get such notices, check the links in the message. If they do not go back to whoever the message claims to be from . . . . . . SCAM ! ! !

When you get such notices, check the links in the message. If they do not go back to whoever the message claims to be from . . . . . . SCAM ! ! !
Was this helpful to you? 0
Quote

Question owner

I think you've misunderstood what I was saying.

Yes, I know it was a scam, that was why I was trying to use Thunderbird's Report E-mail Scam feature.

But Firefox was tell me that Mozilla's Phishing report page was a "Potential Security Risk" because of a mis-matched security certificate!

I think you've misunderstood what I was saying. Yes, I know it was a scam, that was why I was trying to use Thunderbird's Report E-mail Scam feature. But Firefox was tell me that Mozilla's Phishing report page was a "Potential Security Risk" because of a mis-matched security certificate!
Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4256 solutions 59602 answers

Helpful Reply

Ahh. I see. What is the link that was flagged as bad? I am calling a moderator.

Ahh. I see. What is the link that was flagged as bad? I am calling a moderator.
Was this helpful to you? 1
Quote

Question owner

The scam URL was https://storage.gxxgleapis.com/asharepoint-histography-105721396/index.html (I've replaced the oo in google with xx)

The link that comes up when I right click on the link and select "Report Email Scam" in Thunderbird is https://en-gb.phish-report.mozilla.com/?hl=en-GB&url=https%3A%2F%2Fstorage.googleapis.com%2Fasharepoint-histography-105721396%2Findex.html

The second link is the one that Firefox flags as a Potential Security Risk.

The scam URL was https://storage.gxxgleapis.com/asharepoint-histography-105721396/index.html (I've replaced the oo in google with xx) The link that comes up when I right click on the link and select "Report Email Scam" in Thunderbird is https://en-gb.phish-report.mozilla.com/?hl=en-GB&url=https%3A%2F%2Fstorage.googleapis.com%2Fasharepoint-histography-105721396%2Findex.html The second link is the one that Firefox flags as a Potential Security Risk.
Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4256 solutions 59602 answers

Thanks for the links.

Thanks for the links.
Was this helpful to you?
Quote
McCoy
  • Top 10 Contributor
545 solutions 5139 answers

graham12 said

The link that comes up when I right click on the link and select "Report Email Scam" in Thunderbird is https://en-gb.phish-report.mozilla.com/?hl=en-GB&url=https%3A%2F%2Fstorage.googleapis.com%2Fasharepoint-histography-105721396%2Findex.html
The second link is the one that Firefox flags as a Potential Security Risk.

That link takes me to the correct "Report a Suspected Web Forgery" page.

About ten hours ago, when I entered the link that shows in your screenshot, it indeed took me to the "Potential Security Risk" warning; now it redirects me to :

https://www.mozilla.org/en-US/

''graham12 [[#answer-1254706|said]]'' <blockquote> The link that comes up when I right click on the link and select "Report Email Scam" in Thunderbird is https://en-gb.phish-report.mozilla.com/?hl=en-GB&url=https%3A%2F%2Fstorage.googleapis.com%2Fasharepoint-histography-105721396%2Findex.html<BR> The second link is the one that Firefox flags as a Potential Security Risk. </blockquote> That link takes me to the correct "Report a Suspected Web Forgery" page. About ten hours ago, when I entered the link that shows in your screenshot, it indeed took me to the "Potential Security Risk" warning; now it redirects me to : https://www.mozilla.org/en-US/
Was this helpful to you? 0
Quote
McCoy
  • Top 10 Contributor
545 solutions 5139 answers

graham12 said

The scam URL was https://storage.gxxgleapis.com/asharepoint-histography-105721396/index.html (I've replaced the oo in google with xx)

I did some searching and found out that this may have put some more malware on your device, so would you please do this :

Go to the Firefox menu (≡) => Options => Add-ons => Extensions and remove anything that looks unfamiliar or suspicious.

Do the same in Windows Control Panel => Programs.

Next step is to run malwarescans - further information can be found in this article :

https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. They all work differently - what one program doesn't pick up, the other might.

Also see : https://malwarefixes.com/threats/storage-googleapis-com/

And : https://howtoremove.guide/remove-storage-googleapis-com-virus/



You may also want to inform your email provider about this site.

''graham12 [[#answer-1254706|said]]'' <blockquote> The scam URL was https://storage.gxxgleapis.com/asharepoint-histography-105721396/index.html (I've replaced the oo in google with xx) </blockquote> I did some searching and found out that this may have put some more malware on your device, so would you please do this : Go to the Firefox menu (≡) => Options => Add-ons => Extensions and remove anything that looks unfamiliar or suspicious. Do the same in Windows Control Panel => Programs. Next step is to run malwarescans - further information can be found in this article : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no '''Run most or all of the listed malware scanners'''. They all work differently - what one program doesn't pick up, the other might. Also see : https://malwarefixes.com/threats/storage-googleapis-com/ And : [https://howtoremove.guide/remove-storage-googleapis-com-virus/] --------------------------------------<BR> You may also want to inform your email provider about this site.
Was this helpful to you? 0
Quote

Question owner

There's nothing on Firefox Extensions or Windows > Programs that I haven't installed myself.

Also I run eg NoScript, Avira and Zone Alarm (amongst others) and don't click on unknown links or install software from untrusted sources.

I've just tried going back to the original scam e-mail, right-clicking on the link and trying the "Report Email Scam" feature again and this time it worked ok and takes me to https://safebrowsing.google.com/safebrowsing/report_phish/?tpl=mozilla&hl=en-GB&url=https%3A%2F%2Fstorage.googleapis.com%2Fasharepoint-histography-105721396%2Findex.html

So whatever the issue is, it appears to have been resolved.

There's nothing on Firefox Extensions or Windows > Programs that I haven't installed myself. Also I run eg NoScript, Avira and Zone Alarm (amongst others) and don't click on unknown links or install software from untrusted sources. I've just tried going back to the original scam e-mail, right-clicking on the link and trying the "Report Email Scam" feature again and this time it worked ok and takes me to https://safebrowsing.google.com/safebrowsing/report_phish/?tpl=mozilla&hl=en-GB&url=https%3A%2F%2Fstorage.googleapis.com%2Fasharepoint-histography-105721396%2Findex.html So whatever the issue is, it appears to have been resolved.
Was this helpful to you?
Quote
McCoy
  • Top 10 Contributor
545 solutions 5139 answers

Asking you to see if there was anything suspicious in Options => Extensions and in Windows Control Panel was just to make sure.

I'm glad that the problem seems to be solved; seeing that your second link now went to the correct pages, kind of made me think it would be.

But (just to be on the safe side and as a precaution) : would you run a malwarescan please  ? Maybe let Windows Defender run a full scan ?

(better safe than sorry .... )



You mention having other security software installed, but I'm a bit sceptical about that, and here's why :

https://www.howtogeek.com/239950/dont-use-your-antivirus-browser-extensions-they-can-actually-make-you-less-safe/

Also see :

http://tech.firstpost.com/news-analysis/ex-mozilla-firefox-developer-says-anti-virus-software-does-more-harm-than-good-359798.html

You're best off with just using Windows built-in Defender and maybe let malwarebytes run a scan once a month. But that is totally up to you, of course.

Asking you to see if there was anything suspicious in Options => Extensions and in Windows Control Panel was just to make sure. I'm glad that the problem seems to be solved; seeing that your second link now went to the correct pages, kind of made me think it would be. But (just to be on the safe side and as a precaution) : would you run a malwarescan please ? Maybe let Windows Defender run a full scan ? (better safe than sorry .... ) -------------------------------------<BR> You mention having other security software installed, but I'm a bit sceptical about that, and here's why : https://www.howtogeek.com/239950/dont-use-your-antivirus-browser-extensions-they-can-actually-make-you-less-safe/ Also see : http://tech.firstpost.com/news-analysis/ex-mozilla-firefox-developer-says-anti-virus-software-does-more-harm-than-good-359798.html You're best off with just using Windows built-in Defender and maybe let [https://www.malwarebytes.com/ malwarebytes] run a scan once a month. But that is totally up to you, of course.
Was this helpful to you? 0
Quote

Question owner

Thanks for your suggestions, but I trust Microsoft products less than I trust anything else, especially after they tried to foist Windows 10 Nagware onto my machine under the guise of a "Critical Update"!

Thanks for your suggestions, but I trust Microsoft products less than I trust anything else, especially after they tried to foist Windows 10 Nagware onto my machine under the guise of a "Critical Update"!
Was this helpful to you?
Quote
McCoy
  • Top 10 Contributor
545 solutions 5139 answers

graham12 said

Thanks for your suggestions, but I trust Microsoft products less than I trust anything else, especially after they tried to foist Windows 10 Nagware onto my machine under the guise of a "Critical Update"!

And that's when I hear alarm bells ringing .....

Would you please tell us more about this "Critical Update Nagware" ?

Was this about a fake Firefox update, Adobe Flash, or something else ?

''graham12 [[#answer-1254764|said]]'' <blockquote> Thanks for your suggestions, but I trust Microsoft products less than I trust anything else, especially after they tried to foist Windows 10 Nagware onto my machine under the guise of a "Critical Update"! </blockquote> And that's when I hear alarm bells ringing ..... Would you please tell us more about this "Critical Update Nagware" ? Was this about a fake Firefox update, Adobe Flash, or something else ?
Was this helpful to you? 0
Quote
FredMcD
  • Top 10 Contributor
4256 solutions 59602 answers

Helpful Reply

It's been a long time since anyone asked about that.

https://www.bing.com/search?q=GWX.exe&pc=MOZI&form=MOZSBR

It's been a long time since anyone asked about that. https://www.bing.com/search?q=GWX.exe&pc=MOZI&form=MOZSBR
Was this helpful to you? 1
Quote

Question owner

McCoy said

Would you please tell us more about this "Critical Update Nagware" ?

What FredMcD said.

Here's another take on what a stupid and short-sighted act this was on Microsoft's part: https://www.pcworld.com/article/3075729/fearing-forced-windows-10-upgrades-users-are-disabling-critical-updates-at-their-own-risk.html

Even before that, I would always check what each Windows Update actually did instead of blindly installing it.

PS recent Windows Updates are now starting to push "We're no longer supporting Windows 7, update to Windows 10 nagware..."

"This nag message arrives as part of KB4493132, an update that will be automatically installed by Windows Update if your PC has automatic updates enabled."

https://www.howtogeek.com/408556/how-to-avoid-windows-7s-end-of-support-nags/

''McCoy [[#answer-1254767|said]]'' <blockquote> Would you please tell us more about this "Critical Update Nagware" ? </blockquote> What FredMcD said. Here's another take on what a stupid and short-sighted act this was on Microsoft's part: https://www.pcworld.com/article/3075729/fearing-forced-windows-10-upgrades-users-are-disabling-critical-updates-at-their-own-risk.html Even before that, I would always check what each Windows Update actually did instead of blindly installing it. PS recent Windows Updates are now starting to push "We're no longer supporting Windows 7, update to Windows 10 nagware..." "This nag message arrives as part of KB4493132, an update that will be automatically installed by Windows Update if your PC has automatic updates enabled." https://www.howtogeek.com/408556/how-to-avoid-windows-7s-end-of-support-nags/
Was this helpful to you?
Quote
McCoy
  • Top 10 Contributor
545 solutions 5139 answers

Those are upgrade nags though, not update nags ....

And you're right : shouldn't happen.

Also see :

https://www.ghacks.net/2019/01/15/better-check-your-windows-7-pc-for-get-windows-10-gwx-traces/

I'm just glad that you weren't seeing "Critical Update nags" related to Firefox !

Those are upgrade nags though, not update nags .... And you're right : shouldn't happen. Also see : https://www.ghacks.net/2019/01/15/better-check-your-windows-7-pc-for-get-windows-10-gwx-traces/ I'm just glad that you weren't seeing "Critical Update nags" related to Firefox !
Was this helpful to you? 0
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.