Phishing hits a new level of quality

Security Matthias Maier

Hello community,

In recent weeks I’ve noticed that the quality of phishing e-mails I’m receiving (even to my personal account) have reached a new quality. They are getting better and better every day and even the latest spam filters let them through.

Why are they better?

stick_figure_fishing_pc_800_clr_3474

Let’s look at one currently being sent out to many e-mail addresses that appears to be from DHL about tracking orders on the way to your house. For the German speaking market the quality is very good. Previously, end users have easily detected this kind of phishing attack as they contained spelling errors or bad translations form Google translate. Today they no longer include spelling errors and even the graphics and the branding of the e-mail look genuine.

Take a look on your own and see what you think!

Which one is the phishing e-mail?

dhl_spear_phising

Which one do you think is original and which one fake? The sender address in both e-mails is not DHL.

I can tell you – the left one with the OXID7 logo is a valid DHL e-mail – I ordered some doorstops from Amazon (I’ve just moved house).

The hyperlink in the DHL phishing email is the malicious content linking to a *.org page to start delivering malware for download.

What can you do?

We will see more and more of these advanced and targeted attacks in the future and you can’t prevent them completely. Even if you can prevent 95% with up to date technology, letting 5% through is still a threat.

So it’s more and more important that organizations have visibility and the ability to create awareness once they identify that a phishing attack has succeeded.

In this example an organization needs to have the capability to ask the following questions:

who_has_the_answer_800_clr_5653

If organizations have the capability to get quickly answers to their questions they lower their risk and can respond with the right actions to prevent further damage.

Thanks for reading!

Matthias

Further Reading:

Preparing users for phishing attacks with Splunk

Identifying Phishing Sites in Your Events

Risk Analysis With Enterprise Security 3.1

Related Articles

Top In-Demand Cybersecurity Skills in the Upcoming Years
Security
2 Minute Read

Top In-Demand Cybersecurity Skills in the Upcoming Years

Automation is optimizing SOC workflows but also shaking up the cybersecurity workspace. Skills that were once in high demand are decreasing in value. Splunker Matthias Maier took a closer look into cybersecurity developments and shares which cybersecurity skills professionals should be focussing on in the upcoming years.
Splunk Named a Leader in the Gartner® Magic Quadrant™ for SIEM
Security
3 Minute Read

Splunk Named a Leader in the Gartner® Magic Quadrant™ for SIEM

Splunk has been named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM), which is the tenth consecutive time for Splunk in the Leaders Quadrant.
3 Important German BSI Documents Every SIEM & SOC Manager Needs To Know About
Security
3 Minute Read

3 Important German BSI Documents Every SIEM & SOC Manager Needs To Know About

The German IT Security Act 2.0 (IT-SiG 2.0) has been in force for some time now. Due to this new law, significantly more German companies have been classified as operators of critial infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?" Splunker Matthias Maier shares the 3 most important BSI documents every SIEM and SOC manager needs to know about.