A spam list referred to as B2B USA Businesses was recently posted online. It contains information on 105 million individuals, including email addresses, employers, job titles, names, phone numbers and physical addresses. Lists like these are mostly used to spread spam, but they are also useful tools for cyber-criminals launching both spear-phishing and widespread phishing campaigns against organizations. The information in such lists can also be used to gain access to other accounts when users have reused the same or similar credentials across multiple accounts, or have used similar credentials when performing password updates.

When looking at spam lists, it is not uncommon to find inaccurate data, or accounts linked to an organization that do not follow its standard naming convention. These should still be investigated, as there are two possibilities for their existence on the list other than being a mistake. In some cases, these are emails guessed by the creators of the list, who will sometimes attempt to guess different accounts, such as department emails and administrator account emails. In other instances, these seemingly illegitimate accounts are actually active accounts created by members of an organization’s IT organization, who have created rogue accounts for their own purposes.
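One way to triage an organization's own addresses found on such a list, as an added example that is not part of the original article. The domain, the first.last naming convention, the role-address list and the sample data are all assumptions constructed for illustration.

```python
import re

# Assumptions for illustration (not from the article): the organization's
# domain, a first.last naming convention, and commonly guessed role addresses.
ORG_DOMAIN = "example.com"
CONVENTION = re.compile(r"[a-z]+\.[a-z]+")
ROLE_LOCAL_PARTS = {"admin", "administrator", "hr", "sales", "info", "support", "helpdesk"}

# Constructed sample data: entries from a leaked list and a mail-directory export.
SAMPLE_LEAK = ["jane.doe@example.com", "Admin@example.com", "svc_backup2@example.com",
               "hr@example.com", "bob@other.org", "not-an-email", "jane.doe@example.com "]
SAMPLE_DIRECTORY = {"jane.doe@example.com", "hr@example.com", "svc_backup2@example.com"}


def triage(leaked_emails, active_directory):
    """Sort leaked addresses for ORG_DOMAIN into investigation buckets.

    active_directory is the set of lowercase addresses that exist in the mail system.
    """
    buckets = {"conforming": [], "guessed_or_stale": [], "role_account": [], "investigate": []}
    seen = set()
    for raw in leaked_emails:
        email = raw.strip().lower()
        local, sep, domain = email.rpartition("@")
        if not sep or not local or domain != ORG_DOMAIN or email in seen:
            continue  # malformed, another organization, or a duplicate entry
        seen.add(email)
        if email not in active_directory:
            # No such mailbox: a guess by the list's creators, or stale data.
            buckets["guessed_or_stale"].append(email)
        elif CONVENTION.fullmatch(local):
            # Real user exposed on the list: expect phishing and credential reuse.
            buckets["conforming"].append(email)
        elif local in ROLE_LOCAL_PARTS:
            # Live shared mailbox: confirm it has a documented owner.
            buckets["role_account"].append(email)
        else:
            # Live account outside the convention: possible rogue account.
            buckets["investigate"].append(email)
    return buckets


if __name__ == "__main__":
    for bucket, addresses in triage(SAMPLE_LEAK, SAMPLE_DIRECTORY).items():
        print(f"{bucket}: {addresses}")
```

Addresses in the `investigate` bucket are the ones to trace back to a creation record and an owner.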

Written by Ranah Shiyab