Phishing e-mail to custom e-mail addresses
Geoff wrote in with an interesting phishing sample. The part that it interesting is less the content of the phish, but the e-mail address it was sent to. The content is a standard "ACH Payment Canceled" phish. There are probably a dozen or so that my spam filter dutifully removes each day.
The interesting part: The particular email was send to an address, Geoff only uses for one particular credit rating agency. The "user" part of the e-mail address is the credit rating agencies name.
I assume others here are doing similar tricks to cut down on spam, or at least track where spam is coming from. Many times I see addresses like "user+sans@example.com" in our database. However, in Geoff's case, this would be "sans@example.com", and it is possible that spammers do us company names like that as part of their username dictionary.
Has anybody else seen companyname@example.com addresses used as "To:" addresses in spam? In particular if the company name is a financial institution?
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
Nathaniel
Aug 31st 2011
1 decade ago
Bob Stangarone
Aug 31st 2011
1 decade ago
Dick Rawson
Aug 31st 2011
1 decade ago
Mark
Aug 31st 2011
1 decade ago
Pointing out to some italian (.it) websites redirecting to GenOrder.zip (which was of course malicious: SpyEye/Zeus)
Wilco
Aug 31st 2011
1 decade ago
Conrad Longmore
Aug 31st 2011
1 decade ago
MarkG
Aug 31st 2011
1 decade ago
n00dle
Sep 1st 2011
1 decade ago
Defenestrator
Sep 1st 2011
1 decade ago
Mike
Sep 2nd 2011
1 decade ago