Nginx ignoring server_name

I have a website running on an Nginx web server which runs over HTTPS. I noticed recently that someone has pointed their domain to my web server and Nginx is serving my website to this bad domain. It looks like it's even indexing in google...

The best way to deal with this or a similar situation is to create a default catchall server block. For example, here's what I have to serve other domains that are pointed towards my server's IP.

server {
    listen 80 default_server;
    server_name _;

    # deny all
    location / {
        return 403;
    }
}

I hope that helps!