New Ways Cybercriminals Are Circumventing Spam Filters
Cybercriminals are exploiting legitimate platforms and signup forms to bypass spam filters and spread malicious links. Here's how they do it and what we can do about it.
In a variation on the Google Forms e-mail spam wave I wrote about earlier, cybercriminals are making use of other platforms and online signup forms to circumvent spam filters and spread their malicious links.
These scammers use a variety of strategies to send through legitimate services, domains and web servers rather than their own infrastructure, which would quickly be flagged as spam.
Exploiting Sign-Up Forms
Some of them exploit the fact that a substantial number of websites don't validate the "name" field on the sign-up form. Because that name is echoed into the confirmation e-mail, criminals can control part of the message body and insert malicious URLs, with varying rates of success.
For example, a scammer might register with a "name" like:
Your account has been compromised! Visit http://malicious-link.com to verify
The confirmation email then becomes a phishing message sent from a perfectly legitimate domain.
Abusing Legitimate Platform Features
Others abuse legitimate features that send e-mail on a user's behalf, such as group invitations or reminder e-mails in project management software.
I've observed this technique being used through:
- Facebook (Meta) — Group invitation emails containing malicious content
- Atlassian — Project invitation emails weaponized with phishing links
- Google Forms — Form response notifications used to deliver spam
- Various SaaS platforms — Any platform with an invite or notification feature
Prevention
While achieving total prevention may be challenging without restricting features for normal users, there are measures to mitigate abuse in your web applications and domains.
For the "Name" Field
Input validation for names is hard to get right, because legitimate names vary widely; as a first step, reject input that contains URLs or domain names.
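As an added example (not code from the original post), the check below rejects a sign-up name that contains a URL scheme, a "www." prefix or anything shaped like host.tld, after folding Unicode look-alikes and undoing the "[.]" / "(dot)" substitutions spammers use to slip a domain past naive filters. The length limit, the control-character check and the dot-substitution list are assumptions added for this example, not requirements from the post.

```python
import re
import unicodedata
from typing import Optional

MAX_NAME_LENGTH = 64  # assumed limit; most display names fit comfortably

# Anything that looks like a URL scheme ("http://", "ftp://", even a bare "//")
# or a "www." prefix.
_URL_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*:)?//|\bwww\.", re.IGNORECASE)

# Anything shaped like host.tld: one or more DNS labels ending in a dot,
# then a top-level label of 2+ letters, not glued to surrounding word characters.
_DOMAIN_RE = re.compile(
    r"(?<![\w.-])"
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z]{2,24}"
    r"(?![\w-])",
    re.IGNORECASE,
)

# Dot obfuscations seen in spam, e.g. "example[.]com" or "example(dot)com".
# Constructed list for this example; extend it from your own abuse reports.
_DOT_SUBSTITUTES = re.compile(
    r"\[\s*\.\s*\]|\(\s*\.\s*\)|\(\s*dot\s*\)|\[\s*dot\s*\]", re.IGNORECASE
)


def normalize(name: str) -> str:
    """Fold full-width and other compatibility characters, then undo dot obfuscation."""
    folded = unicodedata.normalize("NFKC", name)
    return _DOT_SUBSTITUTES.sub(".", folded)


def reject_reason(name: str) -> Optional[str]:
    """Return why a sign-up name should be rejected, or None if it passes."""
    # Line breaks and other control characters have no place in a name and can
    # corrupt the e-mail that echoes it.
    if any(unicodedata.category(ch).startswith("C") for ch in name):
        return "control characters"
    text = normalize(name)
    if _URL_RE.search(text):
        return "contains a URL"
    if _DOMAIN_RE.search(text):
        return "contains a domain name"
    if len(name) > MAX_NAME_LENGTH:
        return "too long"
    return None


def is_acceptable_name(name: str) -> bool:
    return reject_reason(name) is None


if __name__ == "__main__":
    for candidate in (
        "Jane O'Brien",
        "J.R. Smith",
        "Your account has been compromised! Visit http://malicious-link.com to verify",
        "secure-login[.]example(dot)net",
    ):
        print(repr(candidate), "->", reject_reason(candidate) or "accepted")
```

The domain pattern is deliberately broad: it also catches "Mr.Anderson" (no space after the dot), which is the trade-off the post alludes to. Treat a rejection as a prompt to show the user an error, not as evidence of abuse on its own.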
Rate Limiting
Rate limits on invite and notification features make it impractical for cybercriminals to use them for mass e-mailing potential victims.
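As an added example (not from the original post), here is a sliding-window limiter that every invite or reminder e-mail sent on a user's behalf would pass through before the message is queued. The two tiers, the thresholds and the seven-day "new account" cut-off are hypothetical policy values chosen for illustration; the point is that abuse usually starts from freshly registered accounts, so those get the tightest limits.

```python
import time
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

# (max sends, window in seconds). Assumed policy values, not from the post.
NEW_ACCOUNT_POLICY: List[Tuple[int, float]] = [(3, 60.0), (20, 86400.0)]
ESTABLISHED_ACCOUNT_POLICY: List[Tuple[int, float]] = [(20, 60.0), (500, 86400.0)]
NEW_ACCOUNT_AGE_SECONDS = 7 * 86400.0  # hypothetical cut-off between the tiers


def policy_for(account_age_seconds: float) -> List[Tuple[int, float]]:
    """Pick the limit tier from how old the sending account is."""
    if account_age_seconds < NEW_ACCOUNT_AGE_SECONDS:
        return NEW_ACCOUNT_POLICY
    return ESTABLISHED_ACCOUNT_POLICY


class InviteRateLimiter:
    """Sliding-window limiter keyed by the sending account.

    Call allow() before sending any invite or notification e-mail triggered by a
    user action; a denial means the send is dropped (or held for review).
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sends: Dict[str, Deque[float]] = defaultdict(deque)
        # Denial counts per account; a useful signal for monitoring dashboards.
        self.denials: Dict[str, int] = defaultdict(int)

    def allow(
        self, account_id: str, account_age_seconds: float, now: Optional[float] = None
    ) -> Tuple[bool, Optional[str]]:
        """Return (allowed, reason); 'now' can be injected for deterministic tests."""
        now = self._clock() if now is None else now
        policy = policy_for(account_age_seconds)
        history = self._sends[account_id]
        # Forget timestamps older than the longest window so memory stays bounded.
        longest = max(window for _, window in policy)
        while history and now - history[0] >= longest:
            history.popleft()
        for limit, window in policy:
            recent = sum(1 for sent_at in history if now - sent_at < window)
            if recent >= limit:
                self.denials[account_id] += 1
                return False, f"{limit} sends per {int(window)}s exceeded"
        history.append(now)
        return True, None


if __name__ == "__main__":
    limiter = InviteRateLimiter()
    one_hour_old = 3600.0
    for i in range(5):
        print("new account send", i, limiter.allow("acct-new", one_hour_old, now=float(i)))
```

In production the per-account history would live in a shared store such as Redis so that all application servers enforce the same counts; the logic is the same.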
Monitoring and Response
Vigilance is key: the most effective strategy against abuse is to monitor service usage regularly, detect misuse early, and deploy countermeasures promptly.
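As an added example of what that monitoring can look like (not from the original post), the script below runs over a constructed outgoing-notification log and flags sending accounts whose behaviour looks like spam rather than collaboration: invites sprayed across many unrelated recipient domains, or a high share of bounces and complaints. The log format, the field names and the thresholds are all assumptions made for this example.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample log, not from any real platform. Assumed format:
# ISO timestamp, event kind, then key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z invite sender=acct-17 recipient=alice@corp-a.example status=sent
2024-05-01T10:00:02Z invite sender=acct-17 recipient=bob@corp-a.example status=sent
2024-05-01T10:00:03Z invite sender=acct-17 recipient=carol@corp-a.example status=sent
2024-05-01T10:00:05Z invite sender=acct-99 recipient=u1@mail-one.example status=sent
2024-05-01T10:00:06Z invite sender=acct-99 recipient=u2@mail-two.example status=bounced
2024-05-01T10:00:07Z invite sender=acct-99 recipient=u3@mail-three.example status=sent
2024-05-01T10:00:08Z invite sender=acct-99 recipient=u4@mail-four.example status=complaint
2024-05-01T10:00:09Z invite sender=acct-99 recipient=u5@mail-five.example status=sent
2024-05-01T10:00:10Z invite sender=acct-99 recipient=u6@mail-six.example status=bounced
2024-05-01T10:00:11Z login sender=acct-99 status=ok
"""

_LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) ?(?P<fields>.*)$")


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into a dict of its fields (assumed key=value layout)."""
    match = _LINE_RE.match(line)
    if not match:
        raise ValueError(f"unparseable log line: {line!r}")
    record = dict(kv.split("=", 1) for kv in match.group("fields").split())
    record["ts"] = match.group("ts")
    record["event"] = match.group("event")
    return record


def summarize(log_text: str) -> Dict[str, Dict[str, object]]:
    """Aggregate invite events per sending account."""
    stats: Dict[str, Dict[str, object]] = defaultdict(
        lambda: {"sends": 0, "recipients": set(), "domains": set(), "negative": 0}
    )
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["event"] != "invite":
            continue
        s = stats[rec["sender"]]
        s["sends"] += 1
        s["recipients"].add(rec["recipient"].lower())
        s["domains"].add(rec["recipient"].rsplit("@", 1)[-1].lower())
        if rec.get("status") in ("bounced", "complaint"):
            s["negative"] += 1
    return stats


def flag_senders(
    log_text: str,
    min_recipients: int = 5,      # assumed: below this, too little data to judge
    spray_ratio: float = 0.8,     # assumed: distinct domains / distinct recipients
    negative_ratio: float = 0.3,  # assumed: (bounces + complaints) / sends
) -> Dict[str, List[str]]:
    """Return {account: [reasons]} for accounts whose invite pattern looks abusive."""
    flagged: Dict[str, List[str]] = {}
    for sender, s in summarize(log_text).items():
        reasons = []
        n_rcpt = len(s["recipients"])
        n_dom = len(s["domains"])
        if n_rcpt >= min_recipients and n_dom / n_rcpt >= spray_ratio:
            reasons.append(f"{n_rcpt} recipients across {n_dom} domains")
        if s["sends"] and s["negative"] / s["sends"] >= negative_ratio:
            reasons.append(f"bounce/complaint rate {s['negative'] / s['sends']:.0%}")
        if reasons:
            flagged[sender] = reasons
    return flagged


if __name__ == "__main__":
    for account, reasons in flag_senders(SAMPLE_LOG).items():
        print(account, "->", "; ".join(reasons))
```

A legitimate team lead inviting colleagues typically hits a handful of recipients on one or two domains with almost no bounces, which is why acct-17 passes while acct-99 is flagged on both signals. Flagged accounts are candidates for a sending hold and review, which is the "promptly deploy countermeasures" step.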
The cat-and-mouse game between spammers and security teams continues. Stay vigilant and report any suspicious emails you receive.