Hackers have found a creative new way to distribute spam by abusing the infrastructure of legitimate websites. Since the crooks don’t technically take over the website, and it continues to operate as intended, spam filters are having a hard time blocking these emails. As a result, the campaigns are more successful in reaching people’s inboxes.
The good news is that the emails are blatant spam, and unless the recipients click on the links without even reading the contents of the email, they should be able to spot the fraud immediately.
The new campaign was spotted by cybersecurity researchers from Cisco Talos, who explained in a technical write-up how the trick is in abusing sign-up and registration services. Many websites allow users to register a new account, and once that happens, the website will send an email to the address associated with the newly generated account.
No validation
The attack works by overloading the name field with text and a link. Since the site does not validate, or sanitize, this content in any way, it returns to the victim in the post-registration email, unfiltered. The worst part is – there’s no defending against it:
“Unfortunately for defenders, there is very little we can do to defend against such spam messages,” Cisco Talos said. “Most of the emails sent by these contact forms are legitimate, so the malicious email blends in with the otherwise legitimate traffic.”
But the good news is that the emails sent like this are easy to spot. They still look, and read, like your usual post-signup email, albeit with somewhat modified content. That should make it clear to any recipient that the site is being abused and that the email should be deleted on the spot.
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/wHozmezVLmTeY3bWSLuSk4-1200-80.jpg
Source link