+49 7131 / 1226 – 500 info@dataglobal.com

Phishing Mail Report June 2024

Welcome to the Phishing Mail Report for June 2024. Phishing mails are designed to steal sensitive information such as access data to online accounts. The senders disguise themselves as well-known companies, such as large streaming services or banks. In this report, we take a look at some of the most common phishing emails in June and show you how to recognize them. As always, the analyzed data comes from the eleven Detection Lab, which is part of the dataglobal Group.

 

Different variants of phishing e-mails purporting to be sent in the name of the IHK were particularly frequent this month. Here are the biggest phishing cases in June 2024:

 

  • Generic inbox phishing
  • IHK (two phishing variants)
  • Swiss-Pass

1) Generic inbox phishing

The largest phishing email campaign this month is a generic inbox phishing campaign.

These fraudulent messages mainly target university and college mailboxes. The reason: These mailboxes usually have a high rating and additional certificates such as DKIM and SPF.

The misuse of these mailboxes increases the success rate of further spam campaigns. Even if only one mailbox is exploited, the campaign can be multiplied by forwarding, mailing lists and recipient groups, which considerably increases the volume of unwanted messages and makes them more difficult to detect.

Since many email providers have tightened their filtering mechanisms and mandatory certificate requirements for sending large volumes of messages (such as Google and Yahoo’s DMARC initiative in February 2024), such fraudulent messages have become more common. This approach is lucrative because a reputable e-mail address can be used more successfully for unsolicited messages than a newly set up mail server. A captured mailbox is therefore more efficient and easier to replace if it is blocked.

2) IHK (variant 1)

One notable phishing scheme targets companies by imitating a message from the Chamber of Industry and Commerce (IHK) and pretending that a digital IHK key must be requested. A link leads to a fake website that looks very similar to the real one. All company-specific data should then be entered there.

 

Phishing Mail Report June 2024
Phishing Report: Example Phishing comdirect

3) IHK (variant 2)

Another phishing attack also targets companies, but imitates a less well-designed IHK message. It is claimed that the contact details need to be updated. Here too, a link leads to a website that was already inactive at the time of the analysis. Overall, there has been a clear trend towards IHK phishing in recent weeks.

 

Phishing Report: Example Phishing Commerzbank

4) Swiss-Pass

A “well” done phishing targeting Swiss Federal Railways subscribers. Once again, a clickable link is offered to solve supposed problems. However, this link was inactive at the time of the analysis. It can be assumed that the access data for the “Swiss-Pass” was to be tapped via this page.

 

Phishing Mail Report: Example Phishing Telekom
Phishing report: Example of phishing Telekom customers
Phishing report: Example of phishing Telekom customers

How to recognize phishing

Phishing emails aim to steal sensitive information such as credit card details, passwords or other personal data. These emails can be difficult to recognize at first glance, as they often appear authentic and imitate legitimate senders.

Here are some features and tips for identifying phishing emails:

 

1. check the sender address

Phishing e-mails often use sender addresses that look very similar to the real addresses but have small differences. Watch out for unusual or unknown domain names. A closer look at the sender’s address can often provide an indication of whether the e-mail is trustworthy.

 

2. general salutation

Phishing emails are often impersonal and use general salutations such as “Dear customer” or “Hello user”. Reputable companies usually address you by name.

 

3. urgency and threats

Phishing emails often create a sense of urgency by claiming that immediate action is required to solve a problem or prevent a block. They may also contain threats, such as closing your account if you do not respond immediately.

 

4. spelling and grammatical errors

Many phishing emails contain conspicuous spelling and grammatical errors. Reputable companies generally send grammatically correct messages.

 

5. suspicious links

Phishing emails usually contain links that lead to dangerous fake websites. Hover the mouse pointer over the link to display the actual URL. If the URL looks suspicious or does not match the alleged source, do not click on it.

 

6. unsolicited attachments

Be careful with e-mails with unexpected attachments, especially if you do not know the sender. Attachments may contain malware that can infect your computer.

 

7. request personal information

Reputable companies rarely ask you by e-mail to disclose confidential information such as passwords, social security numbers or credit card details. Be suspicious if an e-mail requests such information.

 

8. verification of authenticity

If you have any doubts about the authenticity of an email, contact the company directly via a known and trusted phone number or website. Do not pass on any information that was requested in the e-mail in question.

 

9. security certificates

Look for the presence of a security certificate (https://) in the URL of websites you click on. Phishing sites often do not have valid security certificates.

 

On the safe side with eXpurgate

Phishing emails can be recognized on the basis of certain characteristics, but companies in particular need a professional email security solution in order to protect themselves comprehensively. The risk of phishing attacks is too great and not all employees can be made 100% aware of this problem. In addition, there is often little time in everyday working life to carefully check every incoming email.

eXpurgate uses advanced algorithms and machine learning techniques to identify suspicious emails that exhibit phishing characteristics. With a spam detection rate of over 99.99% and the detection of over 1 billion emails per day, eXpurgate offers an exceptionally high level of security on the market.

Find out now in a non-binding consultation about the advantages of eXpurgate for protection against phishing emails and other dangers in email communication.

 

More news

Social engineering – 6 tips on how companies can protect themselves

No matter how good the technical security precautions in companies are: The human factor is often the weakest link in the security chain. In social engineering, cyber criminals exploit this potential vulnerability by faking a personal relationship with the victim in order to carry out their criminal activities. How do you recognize social engineering and how can companies protect themselves and their employees?

read more

Digital document management system – Find out everything you need to know about DMS.

The efficient management of digital documents is a necessity in the modern working world. A digital document management system (or “DMS” for short) is therefore becoming a must-have for companies – and not just for corporations, but also for SMEs. In this article, you will find out what a digital document management system actually is, what functions it fulfills and what advantages it can offer your company.

read more

Managed IT services: Is it worth it for my company? Can I simply outsource my IT?

Managing and monitoring their IT poses challenges for many companies. There is a lack of resources to set up an in-house support team that is up to the task. Managed IT services offer one solution, with external specialists taking over individual IT sub-areas through to complete IT operations. Find out here what Managed IT Services actually are, what advantages they offer and whether the model is also worthwhile for you.

read more

Arrange a consultation now

Your Digital Workplace - Solutions

Security

Email Security Cloud

Email Security On-Premise

Workflows

Digital Travel Expense Report

Digital Contract Management

Digital Purchase Requisition

Digital File Solution

Business Process Management

Managed Service

Managed IT Services

Managed Services für ECM

Nicolas Schwarzpaul is the new CEO of the dataglobal Group

Management change heralds the next stage in the...

it-sa 2024 | 22.-24.10.2024

it-sa Expo&Congress is Europe's largest...

Comic: Everyday life in the office – protection against social engineering

In this comic you can find out more about social engineering and how you can protect yourself with awareness training and software.

Employee interview 06/2024: Pia Studzinski (trainee in Sales)

Interview series with employees of the dataglobal Group. This time with Pia (Sales).

Maverick buying – unplanned purchases in companies

Maverick buying represents a challenge for the procurement management of companies. The term describes a practice in which employees procure goods or services outside the established purchasing processes and without authorization.

SoSafe partnership

The mail security experts of the dataglobal...

IT security for SMEs: dg Group publishes official e-book

The dataglobal Group publishes the official dg Group guide on IT security for SMEs. Find out everything you need to know about the current state of IT security in SMEs, cyber threats and the measures you can take to counter them successfully.

Phishing Mail Report for May 2024

In this report, we take a look at the most common phishing emails in May and explain how you can recognize them. The alleged senders of the biggest phishing attacks this time include comdirect Bank, Commerzbank and Telekom.

Employee interview 05/2024: Lina Dillhardt (working student in Marketing)

The interview series with employees of the dataglobal Group. An interview with Lina Dillhardt, working student in Marketing.

Microsoft: Police warn of cyber attacks on Office 365

The LKA NRW warns of cyberattacks on Office 365, especially via Outlook and document management. The attacks affect not only companies, but also their customers. The perpetrators aim to take over email accounts and send malicious attachments or links in the name of companies.

Content & News Hub

News

Whitepaper

Success Stories

Know - what is...?

Press

Events