Conversation Overflow Phishing

by Artie Kaye

A new method for attackers involves tricking the mechanisms which filter spam and harmful mail. Some of the models used for these systems rely on checking if messages have appropriate content such as conversation or replies. This is done by increasing the length of an email with line breaks, then placing a thread of one or more fake or unrelated messages at the bottom as quoted text. These entries are far below where most people would scroll to, but an area still scanned by the filters. The additional interactions from that email address will be marked as safe by the filter. Always double check any email that you receive—even from trusted sources—by scrolling completely through the email.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)