***EDITOR’S NOTE: The content of this article does not make or imply any claims regarding the security or insecurity of any of the brands mentioned in it. The post describes a method by which spammers disguise the sender of a message as a well-known brand to take advantage of those brands’ being whitelisted by some organizations’ spam filters. The objective of this post is to make the public aware of this method and encourage individuals responsible for an organization’s whitelist to focus whitelisting rules down to specific addresses rather than only broader domain names.***
Is more malware slipping through to your Inbox? Do you have whitelists? If the latest spam emails are to be believed (which, of course, they’re not), trustworthy companies such as the payment card brands are now sending email on behalf of other well-known companies. We’ve received a number of malware-laden emails through our spam filter that purport to come from legitimate brands, but the body is a phish masquerading as yet another company, often with malware attached in a zip file.
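The difference between a domain-wide and an address-specific whitelist rule, shown as an added example that is not part of the original post. The domain `cardbrand.example`, the addresses, the sample messages and the optional "hold archives" policy are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed whitelist entries; cardbrand.example is a placeholder domain.
DOMAIN_RULE = {"cardbrand.example"}               # broad: anyone at the domain
ADDRESS_RULE = {"statements@cardbrand.example"}   # narrow: one known sender

def make(from_hdr, subject, attachment=None):
    """Build a constructed sample message, optionally with a named attachment."""
    head = f"From: {from_hdr}\nSubject: {subject}\nMIME-Version: 1.0\n"
    if attachment is None:
        return message_from_string(head + "Content-Type: text/plain\n\nbody\n")
    return message_from_string(
        head + 'Content-Type: multipart/mixed; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nbody\n"
        "--b\nContent-Type: application/zip\n"
        f'Content-Disposition: attachment; filename="{attachment}"\n\n'
        "placeholder\n--b--\n")

SAMPLES = {  # constructed messages
    "genuine": make("Card Brand <statements@cardbrand.example>", "Your statement"),
    "spoofed": make("Airline Tickets <noreply@cardbrand.example>",
                    "Your e-ticket", "ticket.zip"),
}

def sender_address(msg):
    """Address from the From header (not the display name), lower-cased."""
    return parseaddr(msg.get("From", ""))[1].lower()

def matches_domain_rule(msg):
    return sender_address(msg).rpartition("@")[2] in DOMAIN_RULE

def matches_address_rule(msg):
    return sender_address(msg) in ADDRESS_RULE

def has_zip(msg):
    return any((p.get_filename() or "").lower().endswith(".zip") for p in msg.walk())

def bypasses_filter(msg, rule, hold_archives=False):
    """True if the whitelist lets the message skip the spam filter.
    hold_archives is an assumed policy: a match never exempts a zip attachment."""
    return rule(msg) and not (hold_archives and has_zip(msg))

def compare():
    """Per sample: does it skip filtering under each whitelist configuration?"""
    return {name: {"domain": bypasses_filter(m, matches_domain_rule),
                   "address": bypasses_filter(m, matches_address_rule),
                   "domain+hold": bypasses_filter(m, matches_domain_rule, True)}
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The From header is set by whoever sends the message, so an address-specific rule narrows what a forged sender can match but does not prove where the message came from.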
Do these look legitimate?