A new phishing campaign distributing malware pretends to be from the Spamhaus Project warning that the recipient's email address has been added to a spam block list due to sending unsolicited email.
Spamhaus Project is an organization that creates spam block lists that mail servers can utilize to block known spammers from sending emails to recipients in their organization.
If you are an email administrator, then you are most likely familiar with this organization and how removing one of your IP addresses or domains from their block list can be an arduous task, to say the least.
Due to this, using Spamhaus as the theme of your phishing scam could alarm email administrators enough to cause them to hastily open the link in the email and thus become infected.
Malware phishing campaign impersonates Spamhaus
In a new phishing campaign discovered by ProofPoint researcher Matthew Mesa, malware distributors are sending emails that pretend to be from the Spamhaus Project.
These email states that the recipient must "Urgently Take Action" because their email address has been added to the Spamhaus Block List (SBL) and will be blacklisted on mail servers unless they follow the instructions found at a listed URL.
Spamhaus Phishing Email (Source: Matthew Mesa)Click image to see full size
The full text of this phishing email can be read below:
SBL Reminder: Email: Your email address moved to Spamhaus Blacklist (SBL) SBL# - The Spamhaus Project - SBL International Anti-Spam Systems Good afternoon, It is an automated letter from the original Spamhaus Block List (SBL) instance to noti ..
Support the originator by clicking the read the rest link below.
