Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Summary: Cybersecurity researchers have identified ongoing malspam campaigns where threat actors spoof sender email addresses, often using neglected domains to bypass security measures. These campaigns include phishing attempts and extortion schemes targeting various sectors, utilizing tactics like QR codes and impersonation of trusted brands.

Threat Actor: Muddling Meerkat
Victim: Various sectors including legal, government, and construction

Key Points:

  • Threat actors are using old, neglected domains to spoof sender addresses and evade security checks.
  • Phishing campaigns distribute emails with QR codes leading to fraudulent sites, often using tax-related lures.
  • Extortion emails demand Bitcoin payments to delete embarrassing videos, spoofing the victim’s own email address.
  • New phishing campaigns target Microsoft 365 credentials, abusing trusted platforms to redirect users.
  • Generic top-level domains (gTLDs) are increasingly exploited for cybercrime due to low costs and minimal registration requirements.
  • Malicious WordPress plugins are being used to create fake payment pages to harvest personal and financial information.

Source: https://thehackernews.com/2025/01/neglected-domains-used-in-malspam-to.html