Differences

This shows you the differences between two versions of the page.

--- general:mail [2024-03-05 10:23] – [Woher haben Spam-Versender meine Adresse?] Markus Rosenstihl
+++ general:mail [2024-03-05 10:27] (current) – [Phishing] Markus Rosenstihl
@@ Line 99: / Line 99: @@
 From the BSI, retreived 2021-11-16
+(English translation)
+Those who want to spread viruses and worms via email like to hide behind legitimate-sounding sender addresses: both spam and phishing email senders use them to disguise their true identity. This is because sending spam is illegal in Germany. In addition, the trustworthy name is intended to increase the chance that a recipient will actually open the email.
+A look behind the technical scenes: Special computer worms misuse e-mail addresses in order to multiply: They send themselves to every address they discover on an infected system. To do this, they search through contact folders and HTML files, among other things. Most browsers store recently visited websites for a certain period of time in a so-called cache, which thus becomes a rich source of addresses for resourceful computer worms.
+A second starting point for address forgers are incorrectly configured e-mail servers that can process any e-mail address. This can also be used to send e-mails with a forged sender. In contrast, a correctly configured e-mail server only sends and receives e-mails from a specific address range.
 ==== CEO Fraud ====
@@ Line 109: / Line 120: @@
 Diese Art von Spam kommt auch bei uns manchmal vor, bitte auf die Mailadressen achten.
+(English translation)
+CEO Fraud (also known as Business Email Compromise (BEC), Fake President Fraud (FPF) or Bogus Boss Email) is a scam in which companies are manipulated into transferring money using false identities.
+Typically, the emails are well forged and appear to come from a member of the company management. These emails instruct the transfer of large sums of money to a foreign bank account for supposedly legitimate reasons. However, very good forged letters (logos of federal authorities, stamped nationality marks, authorisation signatures of board members) are also not uncommon. The good forgeries are often not recognisable as the criminals research internal company information in advance. In addition to publicly available information, they also use data obtained through social engineering. The executing employees are often put under time pressure and told to keep the transfer secret. "Patriarchal, authoritarian companies in which doubt and contradiction are not welcome" are particularly susceptible.
+[[https://en.wikipedia.org/wiki/Phishing|Wikipedia article]] about the types of fishing.
+This type of spam also sometimes occurs in our organisation, please pay attention to the email addresses.
 ====== Custom Spam Filter ======
 Der Filter auf unserem Mailser war zu restriktiv und zu viele Mails wurden fälschlicherweise als Spam deklariert und in den Spam/Junk Ordner verschoben.