What is the intended attack vector of this email?

Such question merely asks for opinions as only the sender really knows his own intent, other people can only guess.

I suppose that in your question you kept the real email address: [email protected]. It is an interesting one which can be divided in two parts:

  • admin: this is a common word appearing on the top of most usernames lists and frequently used for email addresses. Not only this username is common, but it is sometimes linked to a mailing list targeting several humans at once (as many chances for a malicious payload to be opened), this is just bonus, and humans with administrative privileges on whatever they are using, this is the cherry on the cake.
  • quickmediasolutions.com: this is just a working domain name, they are plenty of ways to get large lists of working domain names.

To me, but this is my personal guess, the attacker is sending the same innocuous email to admin@<domain> (at least, I expect other names such as webmaster to be also targeted) to the widest range of domain names possible. Using such an harmless email is the safest way to avoid spam filters to alter the results in any way.

From there all the domains tried will in one of these categories:

  • Those who rejected the email with an SMTP 550 Invalid Recipient message, they will most likely be left out as not being low hanging fruits.
  • Those who accepted the email, they will earn their ticket to the next step in the attacker's agenda.

What does this next step contains? Here again, only the attacker (or the people hiring him) may know. Maybe the goal is just to constitute a list and sell it, maybe the goal is to directly use this list and try to send some malicious payloads, maybe both...

Anyway, the idea is that such emails is most likely not meant to carry any malicious payload by itself, but is just a low-cost probe to sort targets on a wide scale.


I can think of 2 possibilities

  1. fishing for email addresses to spam (fishing in the old sense)
  2. potential spear-phishing attack, starting off innocuous, followed by a malcious attachment

either way, best to ignore


One possibility is that this is just a hook to tempt you to reply and then scam you later on down the line.

Social engineers pray on things like natural human curiosity.

Using a method like this has the added benefit of only the people who are more likely to be tempted and therefore more likely to be scammed actually replying to the email in the first place.

Similar to the self-selected methodology used by purveyors of the Nigerian Prince scams.

The self-selecting methodology is described in this Microsoft Paper from 2012

Tags:

Email

Attack Vector

Recent Posts