+49 7131 / 1226 – 500 info@dataglobal.com

Phishing Mail Report for May 2024

Welcome to the latest Phishing Mail Report. In May, the eleven Detection Lab again registered a large volume of fraudulent e-mails, including numerous phishing attacks. The aim of these phishing emails is to steal sensitive information, in particular access data to online accounts. The senders disguise themselves with the names of well-known companies, e.g. major streaming services or banks. In this report, we take a look at the most common phishing emails in May and explain how you can recognize them.

Here are the alleged senders of the biggest phishing attacks:

 

  • comdirect Bank
  • Commerzbank
  • Telecom

1) Generic inbox phishing

The largest phishing campaign in terms of numbers is aimed at obtaining login data for e-mail inboxes. These messages appear to come from the provider of the recipient’s e-mail service. The user is asked to click on a link contained in the message text in order to release supposedly blocked messages.

The user is asked to enter their access data on the fake website. After entering the data, the user is redirected to the real domain of their email provider to give the impression that the data has been transmitted securely – but in fact it ends up directly in the hands of the fraudsters.

Phishing mail

2) comdirect Bank

One particularly noteworthy phishing mail attempts to obtain the access data of comdirect Bank customers.

Phishing Report: Example Phishing comdirect

The link contained in the email leads to a website that appears authentic at first glance (e.g. B. “kunden-comdirekt.de”). Each e-mail contains links that can only be used once and are inactive when called up again. In addition, mechanisms such as the blocking of links and messages such as “Unauthorized Access” prevent an analysis of the fake page using a browser debugger or download.

Phishing Report: Example Phishing comdirect

3) Commerzbank

This phishing mail is almost identical to the comdirect bank mailing, but is aimed at Commerzbank customers. The design of the messages and the mechanisms for blocking used links are also integrated. The similarities are immediately recognizable.

Phishing Report: Example Phishing Commerzbank

4) Telecom

What is striking about this phishing mail is its inconspicuousness. No deadlines are set, no problems with the customer account are mentioned and no high costs are threatened.

Phishing Report: Example Phishing Telekom

The phishing mail imitates an order confirmation, whereby all links behind the visible links (e.g. “www.telekom.de/termin-verschieben”) have been replaced by fraudulent Internet addresses (e.g. “h**p://mermaid-kat.net/index.html”).

 

Phishing report: Example of phishing Telekom customers

You can recognize a phishing mail by these characteristics

Phishing emails are often not immediately recognizable, but there are certain characteristics that can help you identify fraudulent messages. Here are some common signs:

 

Unknown sender

Phishing emails often come from unknown and/or suspicious senders.

 

Fake domains

The sender address looks similar to that of a legitimate organization, but differs slightly (e.g. “kunden-comdirekt.de” instead of “comdirect.de”).

 

Urgency and threats

The e-mail often contains an urgent request to act immediately to avoid alleged consequences, such as the blocking of your account. You are threatened that your account will be blocked or you will have to pay high fees if you do not respond immediately.

 

Grammatical and spelling errors

Phishing emails often contain grammatical and spelling mistakes or generally appear poorly worded.

 

Suspicious links and attachments

Before clicking on a link, move the mouse over it (without clicking) to display the actual URL. These links often lead to unknown or suspicious websites. Phishing e-mails also often contain attachments that you are supposed to open. These attachments may contain malware.

 

Impersonal form of address

Generic greetings: Phishing emails often begin with impersonal salutations such as “Dear customer” or “Dear user” instead of using your name.

 

Requests for sensitive information

Unusual requests: Legitimate companies do not normally ask for confidential information such as passwords, credit card numbers or social security numbers via email.

 

Inconsistencies in content

Inconsistencies: Check that the content of the email matches what you would expect from the organization. If something doesn’t fit, it could be phishing.

 

Missing or suspicious contact information

Missing details: Phishing emails often lack the usual contact details or contain suspicious contact details.

 

Vigilance against phishing

Phishing attacks pose a serious threat to online security, especially for companies and their customers. It is important to remain vigilant and check suspicious emails carefully to avoid falling victim to these scams. Raising awareness of phishing techniques and applying proven security measures can help you to protect your data.

 

Play it safe with eXpurgate

While certain characteristics of phishing emails are relatively easy to recognize, companies in particular need a professional email security solution for comprehensive protection. The risk of phishing is too great and not all employees can be fully sensitized. In addition, there is often not enough time to check every incoming e-mail thoroughly.

eXpurgate uses advanced algorithms and machine learning techniques to identify suspicious emails. It analyzes all relevant factors (e.g. content, sender, links, attachments, etc.) to identify potential threats. With eXpurgate, companies no longer have to worry about spam, phishing and malware, as these threats are averted immediately.

Find out now in a non-binding consultation about the advantages of eXpurgate for protection against phishing emails and other threats in email communication.

 

More news

Social engineering – 6 tips on how companies can protect themselves

No matter how good the technical security precautions in companies are: The human factor is often the weakest link in the security chain. In social engineering, cyber criminals exploit this potential vulnerability by faking a personal relationship with the victim in order to carry out their criminal activities. How do you recognize social engineering and how can companies protect themselves and their employees?

read more

Digital document management system – Find out everything you need to know about DMS.

The efficient management of digital documents is a necessity in the modern working world. A digital document management system (or “DMS” for short) is therefore becoming a must-have for companies – and not just for corporations, but also for SMEs. In this article, you will find out what a digital document management system actually is, what functions it fulfills and what advantages it can offer your company.

read more

Managed IT services: Is it worth it for my company? Can I simply outsource my IT?

Managing and monitoring their IT poses challenges for many companies. There is a lack of resources to set up an in-house support team that is up to the task. Managed IT services offer one solution, with external specialists taking over individual IT sub-areas through to complete IT operations. Find out here what Managed IT Services actually are, what advantages they offer and whether the model is also worthwhile for you.

read more

Arrange a consultation now

Your Digital Workplace - Solutions

Security

Email Security Cloud

Email Security On-Premise

Workflows

Digital Travel Expense Report

Digital Contract Management

Digital Purchase Requisition

Digital File Solution

Business Process Management

Managed Service

Managed IT Services

Managed Services für ECM

Nicolas Schwarzpaul is the new CEO of the dataglobal Group

Management change heralds the next stage in the...

it-sa 2024 | 22.-24.10.2024

it-sa Expo&Congress is Europe's largest...

Comic: Everyday life in the office – protection against social engineering

In this comic you can find out more about social engineering and how you can protect yourself with awareness training and software.

Employee interview 06/2024: Pia Studzinski (trainee in Sales)

Interview series with employees of the dataglobal Group. This time with Pia (Sales).

Maverick buying – unplanned purchases in companies

Maverick buying represents a challenge for the procurement management of companies. The term describes a practice in which employees procure goods or services outside the established purchasing processes and without authorization.

SoSafe partnership

The mail security experts of the dataglobal...

IT security for SMEs: dg Group publishes official e-book

The dataglobal Group publishes the official dg Group guide on IT security for SMEs. Find out everything you need to know about the current state of IT security in SMEs, cyber threats and the measures you can take to counter them successfully.

Phishing Mail Report for June 2024

Welcome to the latest Phishing Mail Report for June 2024. In this report, we take a look at some of the most common phishing emails in June and show you how to recognize them.

Employee interview 05/2024: Lina Dillhardt (working student in Marketing)

The interview series with employees of the dataglobal Group. An interview with Lina Dillhardt, working student in Marketing.

Microsoft: Police warn of cyber attacks on Office 365

The LKA NRW warns of cyberattacks on Office 365, especially via Outlook and document management. The attacks affect not only companies, but also their customers. The perpetrators aim to take over email accounts and send malicious attachments or links in the name of companies.

Content & News Hub

News

Whitepaper

Success Stories

Know - what is...?

Press

Events