Cybersecurity researchers have uncovered that cybercriminals are successfully spoofing sender email addresses as part of various malspam campaigns. By faking the sender’s email address, these attackers aim to make their messages appear legitimate, evading security mechanisms that could otherwise flag them as malicious.
Despite the available safeguards like DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF), spammers have increasingly turned to old or neglected domains in their operations. This strategy allows them to bypass security checks that often rely on the domain’s age to identify spam.
A threat intelligence firm shared an analysis revealing that attackers such as the group known as Muddling Meerkat have been abusing outdated top-level domains (TLDs), which have not hosted content for nearly two decades. These domains often lack crucial DNS records, such as SPF records, making them ideal for spoofing efforts.
One malicious campaign active since at least December 2022 involved sending emails with attachments that contained QR codes directing recipients to phishing sites. The emails employed tax-related lures in Mandarin, instructing users to open the attachment and scan the QR code using apps like AliPay or WeChat. Some emails locked the QR code documents behind a password that was revealed only in the email body.
This campaign personalized its approach by spoofing random domains, making it less obvious that the messages were coming from the same sender. The threat actors have also impersonated well-known brands, including Amazon and Mastercard, directing victims to fake login pages designed to steal their credentials.
Additionally, a separate category of spam involved extortion tactics where recipients were threatened with the release of compromising videos unless they paid $1,800 in Bitcoin. In this case, the attacker spoofed the user’s own email address, challenging them to check their inbox to verify the claim.
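The weakness described above (a From: domain with no SPF or DMARC record, or a permissive one, that a receiver cannot use to reject a spoof, including a spoof of the recipient's own address) can be checked mechanically. The following is an added example, not code from the original report or from any vendor named in it; the `TXT_RECORDS` table stands in for live DNS answers and its domains and records are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed TXT answers standing in for live DNS lookups (assumption: a real
# deployment would query DNS for the domain and for _dmarc.<domain>).
TXT_RECORDS = {
    "neglected-example.test": [],                      # no SPF at all
    "_dmarc.neglected-example.test": [],               # no DMARC at all
    "bank-example.test": ["v=spf1 include:_spf.bank-example.test -all"],
    "_dmarc.bank-example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-example.test"],
    "weak-example.test": ["v=spf1 +all"],              # SPF that permits any sender
    "_dmarc.weak-example.test": ["v=DMARC1; p=none"],  # DMARC that only reports
}

def spf_policy(domain):
    """Return the SPF 'all' qualifier (-, ~, ?, +) for a domain, or None if no SPF record exists."""
    for txt in TXT_RECORDS.get(domain, []):
        if txt.lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", txt)
            return (m.group(1) or "+") if m else "?"
    return None

def dmarc_policy(domain):
    """Return the DMARC p= value for a domain, or None if no DMARC record exists."""
    for txt in TXT_RECORDS.get("_dmarc." + domain, []):
        if txt.lower().startswith("v=dmarc1"):
            m = re.search(r"\bp=(none|quarantine|reject)", txt, re.I)
            return m.group(1).lower() if m else "none"
    return None

def assess_sender(raw_message):
    """Classify how easily the From: domain of an RFC 822 message could be spoofed."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    domain = from_addr.rpartition("@")[2].lower()
    spf, dmarc = spf_policy(domain), dmarc_policy(domain)
    findings = []
    if spf is None:
        findings.append("no SPF record: any host may send as this domain")
    elif spf in ("+", "?"):
        findings.append(f"SPF ends in '{spf}all': permissive, spoofs are not rejected")
    if dmarc is None:
        findings.append("no DMARC record: receivers have no policy to enforce")
    elif dmarc == "none":
        findings.append("DMARC p=none: spoofs are only reported, not blocked")
    verdict = "spoofable" if findings else "protected"
    return {"domain": domain, "spf": spf, "dmarc": dmarc, "verdict": verdict, "findings": findings}
```

Running `assess_sender` over the From: header of an inbound message, or over your own domain, shows whether a receiver actually has anything to enforce; a neglected domain with no records at all comes back as `spoofable` with two findings.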
More recently, a phishing campaign dubbed "Butcher Shop" has targeted the legal, government, and construction sectors, aiming to compromise Microsoft 365 credentials. The attacks exploit trusted platforms like Canva and Dropbox to redirect users to the credential-phishing sites.
In the Middle East, there have been reports of SMS phishing campaigns impersonating law enforcement agencies, demanding fake payments for non-existent traffic violations. Meanwhile, another scheme has seen banking customers targeted through social engineering tactics that impersonate government officials to extract sensitive information.
These revelations underscore the need for increased vigilance in email security and awareness regarding phishing campaigns using neglected domains and sophisticated spoofing techniques.