• Link to Rss this site
  • Link to LinkedIn
  • Link to Youtube
  • Link to X
  • Link to Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SOLUTIONS
    • M365 Mail Security
    • Managed Certificates
    • 32Guards
    • AS4
  • RESOURCES
    • Documentation
    • Forum
    • Webcast Training
    • Training Courses
    • Support
    • Software Download
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
    • NFR Licenses
  • COMPANY
    • Contact
    • Testimonials
    • Team
    • Career
    • Events
    • Awards
  • PRICES
  • BLOG
    • Blog
    • Newsletter Subscription
  • FREE TRIAL VERSION
    • Price Request
    • Free Trial Version
  • English
    • Deutsch
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
  • Vorsicht bei Phishing-Attacken mit bit.ly Links geboten

32Guards Reports: Beware of Phishing Attacks with bit.ly Links

In recent days, the security experts at NoSpamProxy have recorded a significant increase in the number of phishing attacks using the well-known URL shredder service bit.ly. Here the attackers use the well-known pattern of “hello spam”.

The Email in question contains only a very short message and exactly one phishing link. Here are some current examples:

  • 32Guards-bit.ly-HalloSpam1
  • 32Guards-bit.ly-HalloSpam2
  • 32Guards-bit.ly-HalloSpam3
  • 32Guards-bit.ly-HalloSpam4
Previous Previous Previous Next Next Next
1234

Increased emergence of bit.ly links

Typically you will see an emoji followed by a very short text and then a bit.ly link. In by 32Guards collected data a clearly increased emergence of bit.ly left can be recognized:

Graph bit.ly Links

The graph shows the number of sightings of bit.ly links (per hour) in 32Guards. The assumption here is that a large part of the additional volume is due to phishing (for 15.9.2020 this would be just under 20,000 URLs). These attacks hold a high potential of danger.

32Guards sends warning for affected URLs

In recent months we have been able to achieve good success with 32Guards in terms of “Hello-Spams”. However, previous phishing attacks have used unknown URL-shortening services or machine-generated blogspot pages that are easily recognized as malicious. In the case of the bit.ly-URLs used here, this is not so easy, since they are also found in legitimate Email communication. Due to the particular threat situation, the 32Guards service is currently sending an alert for these URLs. All customers who already participate in the 32Guards beta version will be awarded 2 SCLs. Due to the few other suspicious characteristics of these e-mails, this unfortunately does not always lead to a rejection.

How can you fend off spam mails with bit.ly links?

For a stricter handling of this spam e-mail we recommend the following temporary local modification:

Under NoSpamProxy Management Console > Configuration > preferences > word matches > “Add” a word group can be created as shown in the example. The corresponding pattern can then be defined here.

Danach kann in den Inbound-Regeln (NoSpamProxy Management Konsole > Konfiguration > Regeln) unter „Filter“ der Filter „Wortübereinstimmungen“ ergänzt werden (falls dieser noch nicht verwendet wird) und die neu erstellte Wortgruppe „Gesperrte Links“ ausgewählt werden.

With this procedure all Emails with bit.ly-URLs are rejected. In our current data it is to be recognized at present that the attacks are dispatched mainly from “outlook.com” or “hotmail.com” addresses. This finding allows for a more selective approach to reduce the false positive rate.

First a new custom rule is created, e.g. by duplicating the existing “All other inbound mails” rule. The word group “Blocked Links” created above can then only be used in this new rule. The new rule can be restricted to the relevant MAIL FROM domains under “Message Flow“:

Use 32Guards now

The 32Guards action in NoSpamProxy collects and analyzes metadata about emails and attachments. The goal: to build an even more powerful anti-malware intelligence that can detect and fend off attacks by spam and malware even faster and more purposefully. If you are interested in using the beta version of Project 32Guards, send an e-mail with the subject “32Guards activation” to NoSpamProxy support and attach a screenshot of your license details.

Use 32Guards now

The Security Insider picked up our blog article and published a post about it.

  • share 
  • share 
  • share 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

You need support?

You can find more information about NoSpamProxy in our documentation and forum.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events

NoSpamProxy Newsletter

Subscribe to Newsletter
RSS Feed Logo RSS Feed Logo Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Advanced Threat Protection ATP Preview
    Advanced Threat Protection: NoSpamProxy offers numerous ATP features at no extra charge13.06.2025 - 13:32
  • NoSpamProxy Update
    NoSpamProxy Server 15.5 now available03.06.2025 - 13:00
  • Customer Success Management Tim Kaleja Preview
    Interview: How NoSpamProxy ensures customer satisfaction with strong customer success management26.05.2025 - 10:00
IMPRINT • EULA • Privacy Policy • • © 2025 Net at Work GmbH
  • Link to Rss this site
  • Link to LinkedIn
  • Link to Youtube
  • Link to X
  • Link to Instagram
Link to: Net at Work releases NoSpamProxy Cloud Link to: Net at Work releases NoSpamProxy Cloud Net at Work releases NoSpamProxy CloudNoSpamProxy Cloud Logo Link to: (Almost) All roads lead to the cloud Link to: (Almost) All roads lead to the cloud (Fast) alle Wege führen in die Cloud Preview(Almost) All roads lead to the cloud
Scroll to top Scroll to top Scroll to top