Vijay ThawareSoftware Engineer
This is a follow-up to our previous blog on COVID-19 related spam campaigns. This blog will share some insight on the latest wave of COVID-19 themed spam campaigns and how Email Threat Isolation (ETI) from Symantec stops these emails from accomplishing their goals.
Symantec has continued to observe numerous malicious email campaigns taking advantage of the global panic surrounding the coronavirus outbreak. While we previously discussed malspam (malware bearing) emails, now a wave of text-based spam campaigns have emerged. These emails do not contain any malicious attachments and instead rely on what is written in the email to trick users into handing over information or money.
Change is the only constant
According to Symantec telemetry, as well as COVID-19 related phishing and malspam campaigns, spammers are increasingly using text-based campaigns. One reason for this is that it is comparatively cheaper and easier than phishing and malspam campaigns as there is no need for compromised domains or malware. The most abused vanity TLDs used in these campaigns are .xyz, .top, and .site.
These text-based spam campaigns include following flavors:
Business proposition emails from small to medium-sized manufacturing factories offering to sell medical equipment like surgical face masks, personal protective equipment (PPE) kits, sanitizers, and ventilators
Emails from generous donors claiming to be giving away large sums of money to those in need
Lottery scam emails
Emails asking for donations from individuals via cryptocurrency or gift cards
Figure 1. Blocked COVID-19 related emails: March 25 – April 22, 2020
Symantec Email Threat Isolation
One of the best solutions or defense mechanisms provided by Symantec to its customers is Email Threat Isolation (ETI). ETI technology checks emails and attachments for phishing URLs or malicious content hosted on them. This technology de-risks the th ..
Support the originator by clicking the read the rest link below.
