"Normal" websites are being hijacked to overload victims with spam
Post sign-up emails can be abused to deliver spam, research finds
Hackers have found a creative new way to distribute spam by abusing the infrastructure of legitimate websites. Since the crooks don’t technically take over the website, and it continues to operate as intended, spam filters are having a hard time blocking these emails. As a result, the campaigns are more successful in reaching people’s inboxes.
The good news is that the emails are blatant spam, and unless the recipients click on the links without even reading the contents of the email, they should be able to spot the fraud immediately.
The new campaign was spotted by cybersecurity researchers from Cisco Talos, who explained in a technical write-up how the trick is in abusing sign-up and registration services. Many websites allow users to register a new account, and once that happens, the website will send an email to the address associated with the newly generated account.
No validation
The attack works by overloading the name field with text and a link. Since the site does not validate, or sanitize, this content in any way, it returns to the victim in the post-registration email, unfiltered. The worst part is - there’s no defending against it:
“Unfortunately for defenders, there is very little we can do to defend against such spam messages,” Cisco Talos said. “Most of the emails sent by these contact forms are legitimate, so the malicious email blends in with the otherwise legitimate traffic.”
But the good news is that the emails sent like this are easy to spot. They still look, and read, like your usual post-signup email, albeit with somewhat modified content. That should make it clear to any recipient that the site is being abused and that the email should be deleted on the spot.
More from TechRadar Pro
- Spam texts are getting creative and trying to play on your emotional needs – Don't fall for it
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.