{"id":5214,"date":"2020-12-10T11:22:41","date_gmt":"2020-12-10T10:22:41","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/treacherous-cyber-scams-phishers-disguise-themselves-as-mailer-daemons"},"modified":"2024-05-07T13:15:20","modified_gmt":"2024-05-07T11:15:20","slug":"treacherous-cyber-scams-phishers-disguise-themselves-as-mailer-daemons","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/treacherous-cyber-scams-phishers-disguise-themselves-as-mailer-daemons\/","title":{"rendered":"Treacherous cyber scams: Phishers disguise themselves as mailer daemons"},"content":{"rendered":"\n

Every email user has encountered such messages in their own inbox \u2013 notifications from a \u201cmailer daemon\u201d, informing them about emails that could not be delivered. Mailer daemon is the designation used for a program which is responsible for delivering emails. Should the delivery fail for some reason, the daemon sends back a corresponding error message. The sender shown in the \u201cFrom\u201d field of such notifications usually follows the pattern mailer-daemon@servername.com.<\/p>\n\n\n\n

Concrete instructions exert pressure on recipients to act<\/h2>\n\n\n\n

Nothing out of the ordinary, so far? It is precisely these everyday messages that scammers are now increasingly seeking to exploit, as the security experts at Retarus have recently discovered. As far as the layout, sender and subject lines are concerned, these emails resemble the genuine \u201cmessage undeliverable\u201d emails very closely. The text of the message, as is typical for these types of phishing emails, exerts pressure on the reader to take action. The recipient is informed that a number of emails could not be delivered and is advised to take action to rectify this problem. The link contained in the message, which purportedly allows the target of the scam to view the messages which have been held up, deliberately aims to arouse the recipient\u2019s curiosity. Of course, hiding behind the link is not the expected email folder, but a phishing site with its sights set on committing fraud.  <\/p>\n\n\n\n


Genuine email address and reference to Microsoft aim to create impression of trustworthiness<\/h2>\n\n\n\n

The tricky thing about the emails increasingly cropping up at the moment is that the text makes direct reference to the Microsoft system as the sender, and repeats the correct email address of the potential victim as the user name within the text of the message. The linked URL also contains this address to suggest authenticity. What\u2019s more, the site employs TLS transport encryption<\/a> so that it can use the https:\/\/ prefix to appear trustworthy. The prefix only shows that the connection is encrypted; it says nothing about who operates the site, which in this case is anything but secure.<\/p>\n\n\n\n

Email security services help block phishing URLs<\/h2>\n\n\n\n

Retarus Email Security<\/a> detects these kinds of scams using more than one approach. With the Time-of-Click Protection service<\/a>, the URLs contained in emails are rewritten by default and checked against continually updated phishing databases at the time the link is clicked. Only once this check has been passed is the user forwarded to the destination page. Should the URL be classified as suspicious, the user receives a corresponding warning in the browser.<\/p>\n\n\n\n

And with the patented Patient Zero Detection<\/a>, Retarus identifies suspect messages even when the links included in them are only identified as potentially harmful once the emails have already been delivered.  <\/p>\n\n\n\n

Regularly sensitizing users remains essential<\/h2>\n\n\n\n

As no email security solution can provide 100 percent protection from phishing attacks, it is essential for companies to raise their users\u2019 awareness of these threats on a regular basis. The following instructions for dealing with inbound messages have proved successful in averting phishing attacks:<\/p>\n\n\n\n