• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
    • M365 Mail Security
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Vorsicht bei Phishing-Attacken mit bit.ly Links geboten

32Guards Reports: Beware of Phishing Attacks with bit.ly Links

In recent days, the security experts at NoSpamProxy have recorded a significant increase in the number of phishing attacks using the well-known URL shredder service bit.ly. Here the attackers use the well-known pattern of “hello spam”.

The Email in question contains only a very short message and exactly one phishing link. Here are some current examples:

  • 32Guards-bit.ly-HalloSpam1
  • 32Guards-bit.ly-HalloSpam2
  • 32Guards-bit.ly-HalloSpam3
  • 32Guards-bit.ly-HalloSpam4
PreviousNext
1234

Increased emergence of bit.ly links

Typically you will see an emoji followed by a very short text and then a bit.ly link. In by 32Guards collected data a clearly increased emergence of bit.ly left can be recognized:

Graph bit.ly Links

The graph shows the number of sightings of bit.ly links (per hour) in 32Guards. The assumption here is that a large part of the additional volume is due to phishing (for 15.9.2020 this would be just under 20,000 URLs). These attacks hold a high potential of danger.

32Guards sends warning for affected URLs

In recent months we have been able to achieve good success with 32Guards in terms of “Hello-Spams”. However, previous phishing attacks have used unknown URL-shortening services or machine-generated blogspot pages that are easily recognized as malicious. In the case of the bit.ly-URLs used here, this is not so easy, since they are also found in legitimate Email communication. Due to the particular threat situation, the 32Guards service is currently sending an alert for these URLs. All customers who already participate in the 32Guards beta version will be awarded 2 SCLs. Due to the few other suspicious characteristics of these e-mails, this unfortunately does not always lead to a rejection.

How can you fend off spam mails with bit.ly links?

For a stricter handling of this spam e-mail we recommend the following temporary local modification:

Under NoSpamProxy Management Console > Configuration > preferences > word matches > “Add” a word group can be created as shown in the example. The corresponding pattern can then be defined here.

Danach kann in den Inbound-Regeln (NoSpamProxy Management Konsole > Konfiguration > Regeln) unter „Filter“ der Filter „Wortübereinstimmungen“ ergänzt werden (falls dieser noch nicht verwendet wird) und die neu erstellte Wortgruppe „Gesperrte Links“ ausgewählt werden.

With this procedure all Emails with bit.ly-URLs are rejected. In our current data it is to be recognized at present that the attacks are dispatched mainly from “outlook.com” or “hotmail.com” addresses. This finding allows for a more selective approach to reduce the false positive rate.

First a new custom rule is created, e.g. by duplicating the existing “All other inbound mails” rule. The word group “Blocked Links” created above can then only be used in this new rule. The new rule can be restricted to the relevant MAIL FROM domains under “Message Flow“:

Use 32Guards now

The 32Guards action in NoSpamProxy collects and analyzes metadata about emails and attachments. The goal: to build an even more powerful anti-malware intelligence that can detect and fend off attacks by spam and malware even faster and more purposefully. If you are interested in using the beta version of Project 32Guards, send an e-mail with the subject “32Guards activation” to NoSpamProxy support and attach a screenshot of your license details.

Use 32Guards now

The Security Insider picked up our blog article and published a post about it.

  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • NoSpamProxy Cloud January 2023 Update06.02.2023 - 10:45
  • Info IconImportant announcement about Cyren services in NoSpamProxy Protection03.02.2023 - 12:47
  • Info IconDegradation of spam detection by Cyren services: What you should do now02.02.2023 - 16:05
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Net at Work releases NoSpamProxy CloudNoSpamProxy Cloud Logo(Fast) alle Wege führen in die Cloud Preview(Almost) All roads lead to the cloud
Scroll to top