{"id":7605,"date":"2022-07-06T15:58:02","date_gmt":"2022-07-06T13:58:02","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/retarus-analysis-reveals-98-percent-of-russian-phishing-mails-mask-their-domain-endings"},"modified":"2024-05-07T11:20:29","modified_gmt":"2024-05-07T09:20:29","slug":"retarus-analysis-reveals-98-percent-of-russian-phishing-mails-mask-their-domain-endings","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/retarus-analysis-reveals-98-percent-of-russian-phishing-mails-mask-their-domain-endings\/","title":{"rendered":"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings"},"content":{"rendered":"\n
Nothing is quite as it seems. Over the past few months, the experts at Retarus have been closely examining the origin of phishing emails within our Email Security service. And here\u2019s what they\u2019ve discovered: 98 percent of the emails that are classified as malicious and that, from a technical perspective, appear to originate from Russia (Geo-IP) do not use the country\u2019s official top-level domain (.ru) in the sender name.<\/p>\n\n\n\n Due to the current political situation, many companies have already taken the preventive security measure of generally blocking all emails coming from .ru addresses, or at least placing them in quarantine \u2013 irrespective of the content or virus filter results. The Retarus analysis now clearly shows that looking at the sender domain alone is insufficient in practice. That\u2019s why Retarus strongly recommends systematically checking the Geo-IP as well. This can be achieved with technologies such as Retarus Predelivery Logic. This service analyses emails against specific rule sets at the gateway level and blocks them before they can reach the recipient company\u2019s infrastructure and cause damage there. Depending on how the service has been configured, the offending message could, for instance, also initially be isolated in the user\u2019s quarantine area.<\/p>\n\n\n\n