I was hit with a phishing attempt twice today.

Once using Safari on my iPhone and once using Firefox on Elementary OS.

These are relatively secure, and I’m careful when browsing. It seemed very weird that I had malware on both of them.

The scam is directed towards users of a very popular ISP.

Things got strange when I tried to submit the URL to phishtank.com - the website is blocked. I tried to access it over WiFi and 4G connections on my girlfriend’s phone and mine (all using the same provider), with no luck.

So I tried to use my VPN. Phishtank works normally.

I know it sounds paranoid - but I’m starting to think that the ISP could have been hacked.

I’m here to ask for advice: what do I do?

I have no idea how to proceed, or how to track the origin of the problem.

This sounds like your router has been hacked and your default DNS set to malicious servers. I've had this happen a few times in Thailand where the default ISP routers had a vulnerability. The hacked router would set the DNS to servers controlled by the attacker, and then selectively route specific websites such as banking to very good clones. Try manually setting your DNS to 8.8.8.8 and 1.1.1.1 and see what happens.
Do a DNS lookup of sites you trust on your ISP and on your VPN and using public resolvers. Look up who owns those IPs using web-based whois sites over your VPN. That should give you more information to make an informed decision.
If you couldn't get to phishtank.com on 4G then it's probably not your ISP being "hacked", unless of course your landline and mobile ISPs are the same.

How are we supposed to diagnose this without any details at all? "I was hit with a phishing attempt twice today."

Via email? Via social media? You've got to explain yourself better.

What was the context of the phish? Where are the raw emails?