{"id":7605,"date":"2022-07-06T15:58:02","date_gmt":"2022-07-06T13:58:02","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/retarus-analysis-reveals-98-percent-of-russian-phishing-mails-mask-their-domain-endings"},"modified":"2024-05-07T11:20:29","modified_gmt":"2024-05-07T09:20:29","slug":"retarus-analysis-reveals-98-percent-of-russian-phishing-mails-mask-their-domain-endings","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/retarus-analysis-reveals-98-percent-of-russian-phishing-mails-mask-their-domain-endings\/","title":{"rendered":"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings"},"content":{"rendered":"\n

Nothing is quite as it seems. Over the past few months, the experts at Retarus have been closely examining the origin of phishing emails within our Email Security service<\/a>. And here\u2019s what they\u2019ve discovered: 98 percent of the emails that were classified as malicious and that, from a technical perspective (Geo-IP), indicate a Russian origin do not use the country\u2019s official top-level domain (.ru) in the sender name.<\/p>\n\n\n\n

Due to the current political situation, many companies have already taken the preventive security measure of generally blocking all emails coming from .ru addresses, or at least placing them in quarantine \u2013 irrespective of the content or virus filter results. The Retarus analysis now clearly shows that looking at the sender domain alone is insufficient in practice. That\u2019s why Retarus urgently recommends systematically investigating the Geo-IP. This can be achieved with technologies such as <\/strong>Retarus Predelivery Logic<\/a>. As early as the gateway level, this service analyses emails according to specific rule sets and blocks them before they can reach the recipient company\u2019s infrastructure and cause damage there. Depending on how the service has been configured, the offending message could, for instance, also initially be isolated in the user\u2019s quarantine area.<\/p>\n\n\n\n

You can find out more about this issue in our recent press alert<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Many companies have already taken the preventive security measure of generally blocking all emails coming from .ru addresses. However, a recent Retarus analysis shows that only looking at the sender domain is just not enough. <\/p>\n","protected":false},"author":14,"featured_media":9998,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[3591],"dipi_cpt_category":[],"class_list":["post-7605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-predelivery-logic"],"acf":[],"yoast_head":"\nRetarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings - Retarus Corporate Blog - EN<\/title>\n<meta name=\"description\" content=\"Viele Unternehmen sind bereits dazu \u00fcbergegangen, als Sicherheitsma\u00dfname vorsorglich alle E-Mails von .ru-Adressen vollst\u00e4ndig zu blockieren. Eine Retarus-Auswertung allerdings zeigt, dass die reine Betrachtung der Absenderdomain zu kurz gedacht ist.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings\" \/>\n<meta property=\"og:description\" content=\"Viele Unternehmen sind bereits dazu \u00fcbergegangen, als Sicherheitsma\u00dfname vorsorglich alle E-Mails von .ru-Adressen vollst\u00e4ndig zu blockieren. 
Eine Retarus-Auswertung allerdings zeigt, dass die reine Betrachtung der Absenderdomain zu kurz gedacht ist.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-06T13:58:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T09:20:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/\",\"name\":\"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings - Retarus Corporate Blog - EN\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg\",\"datePublished\":\"2022-07-06T13:58:02+00:00\",\"dateModified\":\"2024-05-07T09:20:29+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Viele Unternehmen sind bereits dazu \u00fcbergegangen, als Sicherheitsma\u00dfname vorsorglich alle E-Mails von .ru-Adressen vollst\u00e4ndig zu blockieren. 
Eine Retarus-Auswertung allerdings zeigt, dass die reine Betrachtung der Absenderdomain zu kurz gedacht ist.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"GeoIP Russland\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to 
date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings - Retarus Corporate Blog - EN","description":"Viele Unternehmen sind bereits dazu \u00fcbergegangen, als Sicherheitsma\u00dfname vorsorglich alle E-Mails von .ru-Adressen vollst\u00e4ndig zu blockieren. Eine Retarus-Auswertung allerdings zeigt, dass die reine Betrachtung der Absenderdomain zu kurz gedacht ist.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/","og_locale":"en_US","og_type":"article","og_title":"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings","og_description":"Viele Unternehmen sind bereits dazu \u00fcbergegangen, als Sicherheitsma\u00dfname vorsorglich alle E-Mails von .ru-Adressen vollst\u00e4ndig zu blockieren. 
Eine Retarus-Auswertung allerdings zeigt, dass die reine Betrachtung der Absenderdomain zu kurz gedacht ist.","og_url":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2022-07-06T13:58:02+00:00","article_modified_time":"2024-05-07T09:20:29+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/","url":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/","name":"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings - Retarus Corporate Blog - EN","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg","datePublished":"2022-07-06T13:58:02+00:00","dateModified":"2024-05-07T09:20:29+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Viele Unternehmen sind bereits 
dazu \u00fcbergegangen, als Sicherheitsma\u00dfname vorsorglich alle E-Mails von .ru-Adressen vollst\u00e4ndig zu blockieren. Eine Retarus-Auswertung allerdings zeigt, dass die reine Betrachtung der Absenderdomain zu kurz gedacht ist.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_151469051.jpg","width":1920,"height":1080,"caption":"GeoIP Russland"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/retarus-auswertung-zeigt-98-prozent-der-russischen-phishing-mails-mit-verschleierter-domain-endung\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Retarus analysis reveals: 98 Percent of Russian phishing mails mask their domain endings"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to 
date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas Cloer","url":"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=7605"}],"version-history":[{"count":15,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7605\/revisions"}],"predecessor-version":[{"id":10430,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7605\/revisions\/10430"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/9998"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=7605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=7605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=7605"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=7605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}