Today's world of spam email
Synopsis
I've taken an example of the spam emails we see today: what they lead to, where they come from, and so on. Email spam has become so prevalent that it is worth taking some real examples to see the importance of checking your emails.
Introduction
Spam emails have evolved a great deal since their inception in the early days of email. The motivations for spam have changed over the same period, and now range from taking advantage of referral links to generate traffic for websites to phishing for sensitive information. Today we are going to take a look at recent Google API abuse used to facilitate phishing. The market has become super lucrative for those committing cybercrime.
These emails are becoming increasingly important to defend against, as real damage happens to companies at this stage. A single downloaded file can cause one of the largest breaches a company has seen in a long time.
The email
Above is one of the many emails that land in an inbox that I've held for a long time. I was intrigued enough to look into it because of the unique method these spammers had used to further their program. Let's take a dive into the sender:
A deep look: The sender
Looking into the sender of this email raises some immediate red flags. It is just a ton of computer spam .us emails. One thing I wanted to focus on was the "via @psycholad.com" link registration, as we can find some deeper information about it. Below is a screenshot of the who.is page for the address.
This domain was actually registered within the last year, but it had some red flags as I was looking at it. Take a look at the registration contact information below (this isn't real information, so I will be showing it all here):
Looking deeper into the rabbit hole, we look up the registration of fortalin.com and again find similar fake information, taking us to yet another website, until we finally find one whose details are withheld for privacy reasons. These registrations look automated, filled with random information for different fake companies.
Where exactly this domain originated is hard to tell. Most likely it was created through automated domain generation, allowing them to make hundreds of these domains to send out these emails. The short dive already showed us that these individuals have 3 other domains registered to themselves, so how far this hole goes is unclear.
Looking into the email itself.
The entire page that you see here is one massive link to storage.googleapis.com. No matter where you look, the image, the unsubscribe, it all takes you to the exact same place. At the time I was looking into this, the website it was hosted on was no longer in operation. It is likely that it originally led to a site where I would enter personal information and make a payment for the "package waiting for delivery".
What is storage.googleapis.com?
The first thing you see when you look up storage.googleapis.com is many different posts about the abuse of the link for phishing programs, from concerned users wondering if their information was stolen after clicking the link. According to Google Cloud Reference Manuals, these individuals use links disguising themselves as Google storage links to redirect traffic to other websites for their phishing attacks.
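The two signals described above (a sender shown "via" a different domain, and a body where the image, the button and the unsubscribe all share one storage.googleapis.com destination) can be checked automatically at triage time. The following is an added example, not code from the original post. The message is constructed, its addresses and bucket path are placeholders, and comparing the From domain with the Return-Path domain is an assumed stand-in for the "via" marker.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address, domain and path is a placeholder.
SAMPLE = """\
From: "Delivery Notice" <notice@sender.example>
Return-Path: <bounce@relay.example>
Subject: Your package is waiting for delivery
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://storage.googleapis.com/bucket-placeholder/page.html"><img src="cid:banner"></a>
<a href="https://storage.googleapis.com/bucket-placeholder/page.html">Schedule delivery</a>
<a href="https://storage.googleapis.com/bucket-placeholder/page.html">Unsubscribe</a>
</body></html>
"""
SHARED_HOSTS = {"storage.googleapis.com"}  # the host name says nothing about who owns the content

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())

def triage(raw):
    msg = message_from_string(raw)
    # Assumption: From vs Return-Path mismatch approximates the "via" marker.
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    part = next((p for p in msg.walk() if p.get_content_type() == "text/html"), None)
    collector = LinkCollector()
    if part is not None:
        payload = part.get_payload(decode=True) or b""
        collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = {urlsplit(u).hostname for u in collector.links}
    return {
        "sender_mismatch": bool(from_dom and path_dom and from_dom != path_dom),
        "single_destination": len(collector.links) > 1 and len(set(collector.links)) == 1,
        "shared_hosting_links": sorted(h for h in hosts if h in SHARED_HOSTS),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A legitimate newsletter normally has a distinct unsubscribe URL, so `single_destination` being true together with a shared-hosting link is a strong reason to quarantine the message for review.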
In conclusion
Today's cybercrime keeps evolving. This is just one email out of hundreds that my research accounts get in a day. It shows us how important it is to maintain our privacy. Pay attention to the details, as you never know what you might find.