According to researchers, the new Chameleon spam campaign is known to often changes email templates. Read on to know more…
According to researchers from Trustwave, cybercriminals are using a high-volume spam campaign featuring phishing messages with randomized headers and changing templates to attack organizations. The new Chameleon spam campaign is known to often changes email templates. Researchers spotted the new wave of various spam campaigns that are from the same spam botnet.
Chameleon spam messages originated from across the globe and had similar unique email header and body characteristics indicating that they were being sent from the same botnet. The subject lines and body of the spam emails are kept brief and meaningful in order to lure unsuspicious victims. Researchers started tracking the spam emails sent from the botnet since August 14, 2019, and observed that this spam campaign often resembles phishing emails, however, the messages have randomized email headers.
• The spam messages originate from geographically distributed sources, however, they used similar unique SMTP transaction commands on connection.
• The spam messages have randomized email headers with meaningless text that are inserted at random positions within the email header.
• The subject lines and body of the spam emails are kept brief and meaningful in order to lure unsuspicious victims to click on the embedded link.
• Most of the URLs embedded in these spam emails appear to be of compromised WordPress sites.
• The email body HTML has random HTML elements inserted at random positions within legit HTML tags.
Researchers noted that the spam botnet sent out variants of spam emails, which include:
• Fake job offer emails
• Fake Google personal or private messages
• Fake email account security alerts
• Fake broken or undelivered email messages from a mail server
• Fake LinkedIn message and profile view messages
• Fake FedEx delivery notifications
• Fake airline booking invoice emails
Some of the subject lines used in these spam emails include:
• Hi! do you need a job? (Margarida, ex.colleague)
• Message notification
• You have two broken emails
• Security alert for your LinkedIn profile
• A package containing confidential personal information was sent to you
The Trustwave Secure Email Gateway detects and blocks Chameleon emails and other spam campaigns. This solution offers zero-day protection against phishing, blended and targeted threats, along with business email compromise (BEC) and data loss prevention (DLP) capabilities.
In addition, security awareness training provider KnowBe4 in April released Phishing Reply Test (PRT), a tool that helps organizations determine if their employees will respond to phishing emails. PRT tests employees on common targeted phishing attack scenarios and provides details about the number of employees who fall victim to these attacks.