Phishing Mail Report November 2024
Welcome to the phishing email report for November 2024! Once again this month, there are numerous emails in circulation whose senders pretend to be legitimate companies and aim to steal recipients’ personal information.
In this report, we highlight the most frequently reported phishing emails in November and provide information on how you can reliably detect such fraud attempts. The analyses summarized here are based on the latest data from the eleven Detection Lab of the dataglobal Group.
1. ADAC: Account activity and fraudulent links
The ADAC, Germany’s largest automobile club, is often used by cyber criminals as a cover to steal personal data. The perpetrators send emails claiming to report “unusual account activity”. To resolve the supposed problem, the recipient is asked to click on a link that leads to a fake page. These phishing emails often look deceptively genuine and use the colors and logos of the ADAC.
Conclusion
These ADAC phishing campaigns clearly show how effective copying design and brand identity is in gaining the trust of recipients. In particular, caution should always be exercised with requests for “account activity” – genuine companies rarely request such actions by email.
2. Austrian Health Insurance Fund (ÖGK): Request for sensitive information
The Austrian Health Insurance Fund (ÖGK) has also been imitated in fraudulent emails. The phishing emails use ÖGK’s color schemes and symbols to deceive recipients and trick them into entering sensitive information.
Conclusion
The perpetrators behind these phishing emails used real company websites or copied the brand elements of the ÖGK to increase credibility. Health topics are sensitive for many people, which increases the risk of such messages being opened and links being clicked on.
3. Postbank: Account blocking and alleged security messages
Another institution frequently affected is Postbank. In recent phishing campaigns, recipients were told that their account was blocked “for technical reasons”. To fix this, a link to “update” was provided. The phishing mail uses Postbank’s colors and logo to build trust.
Conclusion
Cyber criminals often use dramatic messages such as account blocking to force a quick response. It is advisable to contact customer support directly instead of clicking on links in such emails.
4. Other campaigns and frequently affected brands
In addition to the campaigns mentioned above, phishing attacks on the following well-known companies were also observed:
- Lufthansa Miles & More
- Amazon
- DKB Bank
- ING Bank
- DHL
- Meta
- American Express
These brands are particularly attractive to fraudsters as many customers regularly use their services. In these cases, the messages often feign special offers, account suspensions or unusual account activity.
Tips for recognizing and avoiding phishing
Phishing emails often look authentic, but you can recognize them and avert damage if you pay attention to the following tips:
- Check the URL carefully: Phishing pages use URLs that are similar to the original but have small differences.
- Do not trust urgent requests: Reputable companies rarely request direct action via e-mail links.
- Contact customer service directly: If you have any doubts about an e-mail, contact the official support directly.
- Do not pass on any confidential information: Never enter personal data via links in e-mails.
- Update your security software: Modern security software can block suspicious phishing websites.
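The URL check from the first tip can be automated for mail triage. The following is an added example, not part of the original report: it compares a link's real hostname against an assumed allow-list of official domains (adac.de and postbank.de are assumptions to verify before use) and runs over constructed sample links.

```python
from urllib.parse import urlsplit

# Assumed allow-list (constructed for this example): brand keyword -> official domain.
OFFICIAL = {"adac": "adac.de", "postbank": "postbank.de"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown", "no hostname in URL"
    # Text before '@' is login data, not the site; it can hide the real host.
    if parts.username is not None:
        return "lookalike", f"text before '@' hides the real host {host}"
    for domain in OFFICIAL.values():
        if host == domain or host.endswith("." + domain):
            return "official", f"host belongs to {domain}"
    # Approximation (assumption): the last two labels form the registrable
    # domain. Production code should consult the Public Suffix List instead.
    registrable = ".".join(host.split(".")[-2:])
    for brand, domain in OFFICIAL.items():
        if brand in host:
            return "lookalike", f"brand '{brand}' appears outside {domain}"
        if edit_distance(registrable, domain) == 1:
            return "lookalike", f"{registrable} is one character away from {domain}"
    return "unknown", "no brand match; verify through the official site"

# Constructed sample links, not taken from the reported campaigns.
SAMPLES = [
    "https://www.adac.de/mitgliedschaft/",
    "https://adac.de.konto-pruefung.example/login",
    "https://www.postbamk.de/update",
    "https://postbank.de@login.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url))
```

An "unknown" verdict is not a clean bill of health; it only means none of the listed brands was imitated in the hostname.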
Phishing remains a constant threat, but with vigilance and the right precautions you can protect yourself. Stay up to date and regularly check the security measures for your online accounts!