Okta/auth0 enabled domain spam/flooding/phishing activity

Hi!

I’ve recently noticed a smattering of account verification emails from no-reply@auth0user.net for accounts in our security catchall mailbox.

It appears that a malicious third party is attempting to sign up to your services using our domain, hoping that one of our people might accidentally click on the account verification link.

I reported this to customer service yesterday but haven’t heard back, and it appears the actor(s) aren’t being blocked and the activity continues.

I’ve unfortunately had to resort to reporting all auth0 mails as spam and phishing activity.

We’re not an auth0 customer at this time.

Hi @user912390878909876,

I am sorry about the issue that you are facing.

First, I should specify that no-reply@auth0user.net is the default email address suggested in the From field for Auth0 tenants, such as when using our email templates.

What I would recommend is to report this phishing attempt directly by providing detailed information via email at phishing@auth0.com, which is specifically designated for this type of report.

Please let me know how this goes.
Thanks,
Remus