Over the past day or so, I’ve seen an upswing in the backscatter spam “aimed” at my domain.  The phishers are sending messages to invalid users in my domain with the reply-to path set to the real target.

In many (most?) cases, the end result would be that the reply-to address receives a Non-Delivery Receipt (bounce) message which, to the untrained eye, looks as though they had sent a message that bounced.  Having no recollection of ever sending such a message, the NDR recipient – who is the real target of the spam – inspects the bounced message and becomes vulnerable to its contents.  In some cases, depending on the mail server configurations involved, the bounced messages will even include any attached (and probably dangerous) files.
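As an added example (not part of the original post), here is one way the receiving side could triage such a bounce: parse the NDR, pull out the returned original, and check its Message-ID against mail the domain really sent. The `classify_ndr` function, the `sent_message_ids` log and the sample message are assumptions constructed for illustration.

```python
import email
# Constructed sample NDR as it would arrive at the forged sender (all names are made up).
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.org
To: target@example.net
Subject: Undeliverable: Invoice
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nosuchuser@example.org failed: user unknown.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nosuchuser@example.org
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: target@example.net
To: nosuchuser@example.org
Message-ID: <constructed-1@example.net>
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

constructed placeholder, not a real archive
--b2--
--b1--
"""

def classify_ndr(raw, sent_message_ids):
    """Return None for non-NDR mail, else a dict describing the returned original."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type(), msg.get_param("report-type")) != ("multipart/report", "delivery-status"):
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)  # the message the bounce claims we sent
            mid = (original["Message-ID"] or "").strip()
            names = [p.get_filename() for p in original.walk() if p.get_filename()]
            # sent_message_ids: assumed log of Message-IDs our own server really sent
            return {"message_id": mid, "backscatter": mid not in sent_message_ids, "attachments": names}
    return {"message_id": "", "backscatter": None, "attachments": []}  # original not included
```

A bounce flagged as backscatter that also lists attachments is the case described above and can be quarantined instead of delivered to the user's inbox.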

If you have arrived here because you (think you) received spam from my network, please see my statement regarding the current situation.


