"Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security"
According to security researchers at Guardio, thousands of domains, many once owned by major companies, have been abused to get millions of emails past spam filters. The researchers came across a significant campaign dubbed SubdoMailing and attributed it to a threat actor named ResurrecAds. The researchers reported identifying roughly 8,800 hijacked domains, specifically over 13,000 associated subdomains, being used to send out approximately five million emails per day. The researchers noted that the number of abused domains is growing by the hundreds every day. The researchers have identified abused domains previously belonging to MSN, CBS News, New York City, Philips, Cornell University, VMware, Swatch, Scotiabank, and McAfee. The emails sent out as part of the SubdoMailing campaign are designed to trick users into interacting with the message, which takes them through a series of redirects that check the device type and location, ultimately leading the victim to scams or phishing websites.