+49 7131 / 1226 – 500 info@dataglobal.com

Phishing Mail Report December 2024

Welcome to the Phishing Mail Report for December 2024! Once again this month, there are numerous emails in circulation whose senders disguise themselves as reputable companies and aim to steal confidential information from recipients. In this report, we take a look at the most frequently reported phishing attacks and offer practical tips to help you reliably detect these scams. As usual, the following analyses are based on the latest findings of the eleven Detection Lab of the dataglobal Group.

1) Paypal

This phishing campaign does not contain the classic links normally found in phishing emails. Instead, it contains several call-back numbers that are supposedly to be used to complain about an incorrectly sent bill. Behind these numbers are expensive hotlines whose costs per minute can be very high, even if they are listed as free. In addition, attempts are made during the call to obtain the recipient’s access data.

It is noticeable that the emails are sent via the legitimate PayPal infrastructure, which makes the authentication of the message (DKIM, SPF, DMARC) appear correct and the IP addresses for sending match. Only the telephone numbers make it clear that this is a scam.

 

Example campaign

PayPal phishing December 2024

2) German Railways (DB)

Another phishing campaign focuses on an alleged refund for a ticket purchase. A clickable link in the text leads to a fake website where the fraudsters try to obtain the recipient’s access data.

 

Example campaign

DB Phishing December 2024

3) ADAC

This campaign also claims to have detected unusual activity on an account. To clarify this, the recipient is asked to click on a link in the email. The design of the messages mimics the colors and logos of the ADAC.

 

Example campaign

ÖGK Example 1 Phishing Report November

4) Austrian Health Insurance Fund (ÖGK)

There are still large-scale phishing campaigns whose senders pretend to be the Austrian Health Insurance Fund (ÖGK). The official colors, design elements and symbols are used, which sometimes makes the emails look very authentic.

 

Example campaigns

Campaign 1

ÖGK Phishing 1 December 2024

Campaign 2

ÖGK Phishing 2 December 2024

Campaign 3

ÖGK Phishing 3 December 2024

5) Other known phishing campaigns in December 2024

In addition to the campaigns mentioned above, there are several other large-scale and therefore noteworthy phishing attacks in December. Particularly noticeable are imitations of the following companies/portals, which you should watch out for:

 

  • Lufthansa Miles & More
  • Wise
  • WeTransfer
  • Strato AG
  • ING Bank
  • Netflix
  • Docusign

Tips for recognizing and avoiding phishing

Phishing emails can look deceptively genuine – but with a little knowledge about phishing, you can protect yourself to a certain extent. Pay attention to the following tips to recognize fraudulent e-mails:

Check the URL carefully: Phishing websites use URLs that are similar to the original, but often contain minimal deviations.

Be careful with urgent requests: Reputable companies rarely request immediate action via e-mail links.

Contact customer service directly: If you have any doubts about an e-mail, contact the official customer service directly.

Do not pass on any personal data: Never enter sensitive information via links in emails.

Update your security software: Modern security software helps to block suspicious phishing websites.

Phishing remains a persistent threat, but with vigilance and the right protective measures, you can effectively protect yourself against it. Make sure you regularly check and update the security measures for your online accounts! Keep checking the monthly phishing report to keep track of all new campaigns.

Securely positioned with eXpurgate

Although phishing emails can often be recognized by certain characteristics, it is crucial for companies to rely on a reliable email security solution. Even with training for employees, there is a risk that not all suspicious messages will be recognized – especially in a stressful work environment where there is often not enough time to check every email thoroughly.

eXpurgate uses modern algorithms and machine learning to reliably identify potentially dangerous emails. With a detection rate of over 99.99% and the analysis of more than one billion emails a day, eXpurgate offers an exceptionally high level of protection.

Arrange a no-obligation consultation to find out more about how eXpurgate can effectively protect you against phishing attacks and other dangers in email traffic.

More news

Social engineering – 6 tips on how companies can protect themselves

No matter how good the technical security precautions in companies are: The human factor is often the weakest link in the security chain. In social engineering, cyber criminals exploit this potential vulnerability by faking a personal relationship with the victim in order to carry out their criminal activities. How do you recognize social engineering and how can companies protect themselves and their employees?

read more

Digital document management system – Find out everything you need to know about DMS.

The efficient management of digital documents is a necessity in the modern working world. A digital document management system (or “DMS” for short) is therefore becoming a must-have for companies – and not just for corporations, but also for SMEs. In this article, you will find out what a digital document management system actually is, what functions it fulfills and what advantages it can offer your company.

read more

Managed IT services: Is it worth it for my company? Can I simply outsource my IT?

Managing and monitoring their IT poses challenges for many companies. There is a lack of resources to set up an in-house support team that is up to the task. Managed IT services offer one solution, with external specialists taking over individual IT sub-areas through to complete IT operations. Find out here what Managed IT Services actually are, what advantages they offer and whether the model is also worthwhile for you.

read more

 

Arrange a consultation now

"]

Your Digital Workplace - Solutions

Security

Email Security Cloud

Email Security On-Premise

Workflows

Digital Travel Expense Report

Digital Contract Management

Digital Purchase Requisition

Digital File Solution

Business Process Management

Managed Service

Managed IT Services

Managed Services für ECM

Content & News Hub

News

Whitepaper

Success Stories

Know - what is...?

Press

Events