The X-ray of a highly personalized spam campaign
Updated at: Oct 01, 2019
TechCrunch recently published an article of great interest sharing an in depth investigation that, with the support of security researcher Bob Diachenko, revealed a spam campaign that reached millions of people in a short period of time. As the subject involves information security and provides reflections, we've decided to share a few key points here as well.
The first point we should pay attention to in this campaign is the fact that spam emails were highly personalized. The spam was delivered to the recipient as being from someone he knew or had contact with. We'll explain how that happened: after putting his hands on a victim's username and password, the cybercriminal accessed the sent email section and fired personalized emails with links to fake websites.
Because it looked like a personal email from someone the recipient was close to, many ended up clicking on the links. According to the article, about 5 million emails were sent and over 160,000 people clicked on the malicious links within a period of about 10 days.
One victim reported that the spam message was linked to a subject that had recently been discussed with the person who had his email account hacked, which demonstrates an astute and personalized attack. The article was only possible because researcher Diachenko found the server that was responsible for the entire spam operation.
"Custom attacks are one of the main threats today because of the difficulty of being detected. For companies that handle sensitive information and need to respond to a set of rules and compliance, they can be a devastating threat. The best way to fight them today is with artificial intelligence and machine learning ", points out Gatefy's CEO Felipe Guimarães.
Another point to note in the case of this spam attack is that malicious links directed recipients to local websites based on their IP addresses. Fake websites, of course, that promoted fake products and services.
In addition, each link had a tracker that provided important data to the spammer, such as the number of clicks and the bounce rate. Thus, the criminal could improve the scams so that the emails had more success.
If you want to know if your email has already been hacked, use Have I Been Pwned.