As in previous years, we are used to see a peak in the phishing attacks starting at the beginning of December and ending in the middle of January.
If beginning of December makes perfectly sense, you might have asked yourself why middle of January. Because then people send back the presents they didn’t want to keep. Clever, isn’t it?
The most phished brand is PayPal and we see here all kind of phishing attempts.
We have the classical “Your account is blocked/limited, login here to unlock”, and we have the alarm signal that someone ordered something in your name and you must stop the order. There are many variations and combinations between theses, and it is important to note that they are coming in all languages.
The most interesting phishing is one which delivers the fake website as an HTML attachment.
If opened, a form copied from the PayPal website is shown. The submit button sends the data to an URL.
Fortunately, all these phishing attempts and many other variants are detected accordingly by the Avira Antispam. The target URLs are also blocked by the Web Protection module.
As usual, never click on the links in the email messages, especially if they pretend to come from prominent financial institutions.