Phishing Mail Report June 2024

1) Generic inbox phishing

The largest phishing email campaign this month is a generic inbox phishing campaign.

These fraudulent messages mainly target university and college mailboxes. The reason: These mailboxes usually have a high rating and additional certificates such as DKIM and SPF.

The misuse of these mailboxes increases the success rate of further spam campaigns. Even if only one mailbox is exploited, the campaign can be multiplied by forwarding, mailing lists and recipient groups, which considerably increases the volume of unwanted messages and makes them more difficult to detect.

Since many email providers have tightened their filtering mechanisms and mandatory certificate requirements for sending large volumes of messages (such as Google and Yahoo’s DMARC initiative in February 2024), such fraudulent messages have become more common. This approach is lucrative because a reputable e-mail address can be used more successfully for unsolicited messages than a newly set up mail server. A captured mailbox is therefore more efficient and easier to replace if it is blocked.

2) IHK (variant 1)

One notable phishing scheme targets companies by imitating a message from the Chamber of Industry and Commerce (IHK) and pretending that a digital IHK key must be requested. A link leads to a fake website that looks very similar to the real one. All company-specific data should then be entered there.

3) IHK (variant 2)

Another phishing attack also targets companies, but imitates a less well-designed IHK message. It is claimed that the contact details need to be updated. Here too, a link leads to a website that was already inactive at the time of the analysis. Overall, there has been a clear trend towards IHK phishing in recent weeks.

4) Swiss-Pass

A “well” done phishing targeting Swiss Federal Railways subscribers. Once again, a clickable link is offered to solve supposed problems. However, this link was inactive at the time of the analysis. It can be assumed that the access data for the “Swiss-Pass” was to be tapped via this page.

How to recognize phishing

Phishing emails aim to steal sensitive information such as credit card details, passwords or other personal data. These emails can be difficult to recognize at first glance, as they often appear authentic and imitate legitimate senders.

Here are some features and tips for identifying phishing emails:

1. check the sender address

Phishing e-mails often use sender addresses that look very similar to the real addresses but have small differences. Watch out for unusual or unknown domain names. A closer look at the sender’s address can often provide an indication of whether the e-mail is trustworthy.

2. general salutation

Phishing emails are often impersonal and use general salutations such as “Dear customer” or “Hello user”. Reputable companies usually address you by name.

3. urgency and threats

Phishing emails often create a sense of urgency by claiming that immediate action is required to solve a problem or prevent a block. They may also contain threats, such as closing your account if you do not respond immediately.

4. spelling and grammatical errors

Many phishing emails contain conspicuous spelling and grammatical errors. Reputable companies generally send grammatically correct messages.

5. suspicious links

Phishing emails usually contain links that lead to dangerous fake websites. Hover the mouse pointer over the link to display the actual URL. If the URL looks suspicious or does not match the alleged source, do not click on it.

6. unsolicited attachments

Be careful with e-mails with unexpected attachments, especially if you do not know the sender. Attachments may contain malware that can infect your computer.

7. request personal information

Reputable companies rarely ask you by e-mail to disclose confidential information such as passwords, social security numbers or credit card details. Be suspicious if an e-mail requests such information.

8. verification of authenticity

If you have any doubts about the authenticity of an email, contact the company directly via a known and trusted phone number or website. Do not pass on any information that was requested in the e-mail in question.

9. security certificates

Look for the presence of a security certificate (https://) in the URL of websites you click on. Phishing sites often do not have valid security certificates.

On the safe side with eXpurgate

Phishing emails can be recognized on the basis of certain characteristics, but companies in particular need a professional email security solution in order to protect themselves comprehensively. The risk of phishing attacks is too great and not all employees can be made 100% aware of this problem. In addition, there is often little time in everyday working life to carefully check every incoming email.

eXpurgate uses advanced algorithms and machine learning techniques to identify suspicious emails that exhibit phishing characteristics. With a spam detection rate of over 99.99% and the detection of over 1 billion emails per day, eXpurgate offers an exceptionally high level of security on the market.

Find out now in a non-binding consultation about the advantages of eXpurgate for protection against phishing emails and other dangers in email communication.