No, You Haven’t Won a Yeti Cooler From Dick’s Sporting Goods

The future of email spam utilizes a coding trick that evades the most sophisticated detection tools.

Click to view the original at

Hasnain says:

“Basically, an automated machine-learning tool won’t pick up on what’s bad about the email if it hasn’t been trained to pick up on the code that comes after the hash. “It’s a little Rube Goldberg, but this is what we’re seeing attackers of all stripes using,” Kalember says. “They’re hiding what we call ‘the payload’ behind something that a human can find very easily in an email but a detection technique finds impossibly hard.” It also doesn’t help that spammers and cybercriminals no longer need to set up their own janky phishing sites. In some cases they’ll use architecture provided by the big cloud companies, like Amazon and Google—which sends the signal to anti-fraud tools that their operation is “legitimate.” “

Posted on 2022-12-24T16:31:37+0000