Explorations in the spam folder–Holiday Edition - Cisco Blogs
<!doctype html> <html lang="en-US" class="no-touch js "> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!--<link rel="profile" href="https://gmpg.org/xfn/11"> --> <meta name="blogsPostDate" content="2022-12-08 05:00:37"/><meta name="blogsPostTags" content="cisco-umbrella,holiday,phishing,secure-email,secure-endpoint,secure-malware-analytics,spam,threat-insights"/><meta name="blogsPostCat" content="Security"/><meta name="article:category" content="Security"/> <meta name="wordCount" content="1857" /> <meta name="readTime" content="445" /> <!-- loading cdc-template web component scripts --> <script type='text/javascript' src="//www.cisco.com/etc/designs/cdc/clientlibs/responsive/js/web-component-foundation.min.js"></script> <script> /** * Invokes appropriate private methods based on input parameters based on needs of web component architecture * @param {Array} wcAssets array of strings that correlate to the names of web components or array of objects containing asset name and corresponding locale/path * @param {String} localePath specifies where web component should be retrieved from (expected format: en/us or en_au for all other locales); false if wcAssets, is array of objects * @param {Boolean} isWem [Optional] specifies if assets are being loaded on a WEM environment * @param {Boolean} needTargetter [Optional] specifies need for targetter bundle to be loaded (generally needed on external sites) * @param {Boolean} isRelative [Optional] specifies if asset path(s) should be relative * @param {String} env [Optional] specifies enviornment to append to relative path (should not be used with isRelative) * @param {Boolean} hasEnvOverride [Optional] specifies if environment needs to be overridden (should be used with env) */ cdc.wcAncillaryAssetAllocator.init(['cdc-template-blogs'], 'en/us', false, true, false, 'prod'); if (window.cdc === undefined) { window.cdc = {}; } if (cdc.cdcMasthead === undefined) { cdc.cdcMasthead 
= {}; } if (cdc.cdcMasthead.additional === undefined) { cdc.cdcMasthead.additional = {}; } cdc.cdcMasthead.additional.env = 'prod'; </script> <script type="text/javascript"> if ( typeof cdc === "undefined")cdc = {}; if ( typeof cdc.util === "undefined")cdc.util = {}; cdc.util.ensureNamespace = function (namespaceStr) { if (!namespaceStr) { return; var parts = namespaceStr.split("."); var o = window; var i; var aPart; for (i = 0; i < parts.length; i++) aPart = parts[i]; if (typeof (o[aPart]) != "object"){ o[aPart] = {}; } o = o[aPart]; } }; cdc.dm = {}; cdc.dm.util = {}; cdc.dm.util.ensureNamespace = cdc.util.ensureNamespace; </script> <meta name="author" content="Ben Nahorney" /><meta name="blogsPostAuthor" content="Ben Nahorney" /><meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <script type="text/javascript" src="//www.cisco.com/c/dam/cdc/t/ctm-core.js"></script> <!-- This site is optimized with the Yoast SEO Premium plugin v19.3 (Yoast SEO v19.11) - https://yoast.com/wordpress/plugins/seo/ --> <title>Explorations in the spam folder–Holiday Edition - Cisco Blogs</title> <meta name="description" content="We explore spam campaigns during this holiday season, demonstrating what can happen if someone actually clicks on links or open attachments in these unsolicited emails." /> <link rel="canonical" href="https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Explorations in the spam folder–Holiday Edition" /> <meta property="og:description" content="We explore spam campaigns during this holiday season, demonstrating what can happen if someone actually clicks on links or open attachments in these unsolicited emails." 
/> <meta property="og:url" content="https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition" /> <meta property="og:site_name" content="Cisco Blogs" /> <meta property="article:published_time" content="2022-12-08T13:00:37+00:00" /> <meta property="article:modified_time" content="2023-09-25T14:02:40+00:00" /> <meta property="og:image" content="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/1010127526-Endpoint-Holiday-Blog-Banner_1200x628.png" /> <meta property="og:image:width" content="1200" /> <meta property="og:image:height" content="628" /> <meta property="og:image:type" content="image/png" /> <meta name="author" content="Ben Nahorney" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:label1" content="Written by" /> <meta name="twitter:data1" content="Ben Nahorney" /> <meta name="twitter:label2" content="Est. reading time" /> <meta name="twitter:data2" content="13 minutes" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#article","isPartOf":{"@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition"},"author":{"name":"Ben Nahorney","@id":"https://blogs.cisco.com/#/schema/person/d99325965f3a5cf67c60bab3838d8b5b"},"headline":"Explorations in the spam folder–Holiday 
Edition","datePublished":"2022-12-08T13:00:37+00:00","dateModified":"2023-09-25T14:02:40+00:00","mainEntityOfPage":{"@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition"},"wordCount":2013,"publisher":{"@id":"https://blogs.cisco.com/#organization"},"image":{"@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#primaryimage"},"thumbnailUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/1010127526-Endpoint-Holiday-Blog-Banner_1200x628.png","keywords":["Cisco Umbrella","holiday","phishing","secure email","Secure Endpoint","Secure Malware Analytics","spam","threat insights"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition","url":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition","name":"Explorations in the spam folder–Holiday Edition - Cisco Blogs","isPartOf":{"@id":"https://blogs.cisco.com/#website"},"primaryImageOfPage":{"@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#primaryimage"},"image":{"@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#primaryimage"},"thumbnailUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/1010127526-Endpoint-Holiday-Blog-Banner_1200x628.png","datePublished":"2022-12-08T13:00:37+00:00","dateModified":"2023-09-25T14:02:40+00:00","description":"We explore spam campaigns during this holiday season, demonstrating what can happen if someone actually clicks on links or open attachments in these unsolicited 
emails.","breadcrumb":{"@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#primaryimage","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/1010127526-Endpoint-Holiday-Blog-Banner_1200x628.png","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/1010127526-Endpoint-Holiday-Blog-Banner_1200x628.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Cisco Blogs","item":"https://blogs.cisco.com/"},{"@type":"ListItem","position":2,"name":"Security","item":"https://blogs.cisco.com/security"},{"@type":"ListItem","position":3,"name":"Explorations in the spam folder–Holiday Edition"}]},{"@type":"WebSite","@id":"https://blogs.cisco.com/#website","url":"https://blogs.cisco.com/","name":"Cisco Blogs","description":"","publisher":{"@id":"https://blogs.cisco.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://blogs.cisco.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://blogs.cisco.com/#organization","name":"Cisco 
Systems","url":"https://blogs.cisco.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/#/schema/logo/image/","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/10/Cisco_Logo_no_TM_Sky_Blue-RGB.png","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/10/Cisco_Logo_no_TM_Sky_Blue-RGB.png","width":912,"height":482,"caption":"Cisco Systems"},"image":{"@id":"https://blogs.cisco.com/#/schema/logo/image/"}},{"@type":"Person","@id":"https://blogs.cisco.com/#/schema/person/d99325965f3a5cf67c60bab3838d8b5b","name":"Ben Nahorney","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/#/schema/person/image/","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1544628543-bpfull.jpg","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1544628543-bpfull.jpg","caption":"Ben Nahorney"},"description":"Ben Nahorney is a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security. With more than a decade and a half of experience in the Internet security field, Ben has weathered threat outbreaks reaching back to the early 2000s and helped develop and report on breaking research such as the Stuxnet virus. A firm believer in “the right tool for the job,” Ben has been an avid producer of written, graphical, video, and data-driven content to help convey how threats operate, and authored papers on security topics ranging from email threats to detecting IoCs to annual reports on the state of the threat landscape.","url":"https://blogs.cisco.com/author/bennahorney"}]}</script> <!-- / Yoast SEO Premium plugin. 
--> <link rel="icon" 
href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-300x300.jpg" sizes="192x192" /> <link rel="apple-touch-icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-300x300.jpg" /> <meta name="msapplication-TileImage" content="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-300x300.jpg" /> </head> <body class="post-template-default single single-post postid-423356 single-format-standard no-sidebar"> <div id="page" class="site"> <cdc-template-micro lang="en" search-set-context="blogs"> <a class="skip-link screen-reader-text" href="#content">Skip to content</a> <header id="masthead" class="site-header"> </header><!-- #masthead --> <div id="content" class="site-content"> <div id="primary" class="content-area"> <main id="main" class="site-main"> <p id="breadcrumbs"><span><span><a href="https://blogs.cisco.com/">Cisco Blogs</a> / <span><a href="https://blogs.cisco.com/security">Security</a> / <span class="breadcrumb_last" aria-current="page">Explorations in the spam folder–Holiday Edition</span></span></span></span></p> <div class="blog-post-header"> </div> <article id="post-423356" class="post-423356 post type-post status-publish format-standard has-post-thumbnail hentry category-security tag-cisco-umbrella tag-holiday tag-phishing tag-secure-email tag-secure-endpoint tag-secure-malware-analytics tag-spam tag-threat-insights"> <div class="main-content"> <header class="entry-header"> <div class="entry-meta"> December 8, 2022 <a id="post-comments" href="https://blogs.cisco.com/security/explorations-in-the-spam-folder-holiday-edition#respond">Leave a Comment</a> <hr> </div><!-- .entry-meta --> </header><!-- .entry-header --> <div class="blog-post-header"> <div class="thumbnail-avatar"> <div class="post-thumbnail" 
style="background-image:url(https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/1010127526-Endpoint-Holiday-Blog-Banner_1200x628-600x200.png);"> <img src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1544628543-bpfull.jpg" width="102" height="102" alt="Avatar" class="avatar avatar-102 wp-user-avatar wp-user-avatar-102 photo avatar-default"> </div> </div> <div class="blog-cat-post-author-container"> <a href=https://blogs.cisco.com/security><h5>Security</h5></a> <h1 class="entry-title">Explorations in the spam folder–Holiday Edition</h1><p class="wordcount"><span class="black">7 min read</span></p> <p> <a href="https://blogs.cisco.com/author/bennahorney" title="Posts by Ben Nahorney" rel="author">Ben Nahorney</a> </p> </div> </div> <!-- .blog-post-header --> <div class="entry-content"> <p class="p1" style="text-align: center;"><strong>Watch ThreatWise TV: Explorations in the spam folder</strong></p> <p style="text-align: center;"><iframe src="//players.brightcove.net/1384193102001/41XYD7gTx_default/index.html?videoId=6316670602112" allowfullscreen webkitallowfullscreen mozallowfullscreen width="640" height="360"></iframe></p> <p>The spam folder: that dark and disregarded corner of every email account, full of too-good-to-be-true offers, unexpected shipments, and supposedly free giveaways.</p> <p>You’re right to ignore this folder; few good things come from exploring it. But every once in a while one of these misleading, and sometimes malicious, emails manages to evade the filters that normally siphon them off, landing them in your inbox instead.</p> <p>Fortunately, it’s easy enough to spot these emails if you know what to look for. We’ve investigated this folder once before, <a href="https://blogs.cisco.com/security/explorations-in-the-spam-folder">showcasing a variety of scams</a>. 
With the holiday season in full swing, we thought this would be a good time to revisit how scammers are trying to trick unsuspecting users.</p> <p>The holiday season is traditionally a time when this type of activity increases, and this year is no different. According to <a href="https://newsroom.transunion.com/holiday-fraud-2022/">research published by credit reporting agency TransUnion</a>, the average daily number of suspected digital fraud attempts was up 82 percent globally between Thanksgiving and Cyber Monday (Nov 24–Nov 28) compared to the rest of the year (Jan 1–Nov 23) and 127 percent higher for transactions originating in the US.</p> <p>This level of activity makes it all the more important to be aware of these scams. With that in mind, let’s dive into the spam folder to get a picture of the types of campaigns currently circulating.</p> <h2><strong><span style="color: #6abf4b;">A word of caution</span></strong></h2> <p>While much of the spam circulating is innocuous, many emails are phishing attempts, and some are indeed malicious. To explore these scams, we used a dedicated computer, segmented from the rest of the network, and leveraged <a href="https://www.cisco.com/c/en/us/products/security/threat-grid/index.html">Cisco Secure Malware Analytics</a> to safely open the emails before clicking on links or opening attachments. The point being, we do not recommend doing this at home.</p> <h2><span style="color: #6abf4b;"><strong>10 questions for an amazing gift</strong></span></h2> <p>By far, the largest category of spam we saw was survey scams. 
According to these emails, if you fill out a simple survey you’ll receive “exclusive offers” such as gift cards, smartphones, smart watches, power drills, or even pots and pans.</p> <figure id="attachment_423457" aria-describedby="caption-attachment-423457" style="width: 1430px" class="wp-caption aligncenter"><img class="wp-image-423457 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hgcghcgh.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hgcghcgh-300x226.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hgcghcgh-768x579.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hgcghcgh-1024x772.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hgcghcgh.jpg 1430w" alt="" width="1430" height="1078" /><figcaption id="caption-attachment-423457" class="wp-caption-text">Image 1 – Survey scam emails</figcaption></figure> <p>There are even some campaigns that specifically target the holiday shopping season.</p> <figure id="attachment_423458" aria-describedby="caption-attachment-423458" style="width: 942px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423458 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvehgvfew.jpg" sizes="(max-width: 942px) 100vw, 942px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvehgvfew-300x212.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvehgvfew-768x543.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvehgvfew.jpg 942w" alt="" width="942" height="666" /><figcaption id="caption-attachment-423458" class="wp-caption-text">Image 2 – Holiday-themed survey scams</figcaption></figure> <p>Clicking the links in these emails takes the recipient to sites where they are asked to fill out a survey.</p> 
<figure id="attachment_423459" aria-describedby="caption-attachment-423459" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423459 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ggvdgf.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ggvdgf-300x144.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ggvdgf-768x369.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ggvdgf-1024x492.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ggvdgf.jpg 1430w" alt="" width="1430" height="687" /><figcaption id="caption-attachment-423459" class="wp-caption-text">Image 3 – Survey landing pages</figcaption></figure> <p>These pages often include fake testimonials that say how easy the survey is and what they did with their free gift.</p> <figure id="attachment_423460" aria-describedby="caption-attachment-423460" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423460 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfdgfdfgd-768x548.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfdgfdfgd-300x214.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfdgfdfgd-768x548.jpg 768w" alt="" width="640" height="457" /><figcaption id="caption-attachment-423460" class="wp-caption-text">Image 4 – Fake testimonials</figcaption></figure> <p>The surveys are straightforward, comprising 10-20 simple questions that cover demographic information and shopping habits.</p> <figure id="attachment_423461" aria-describedby="caption-attachment-423461" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423461 size-full" 
src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgc.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgc-300x218.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgc-768x557.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgc-1024x743.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgc.jpg 1430w" alt="" width="1430" height="1038" /><figcaption id="caption-attachment-423461" class="wp-caption-text">Image 5 – Survey questions</figcaption></figure> <p>After the survey is completed, these sites offer the choice of a handful of rewards. All the recipient must do is pay for shipping. They are then brought to a page where they can fill out shipping and payment information, and the reward is supposedly shipped.</p> <figure id="attachment_423462" aria-describedby="caption-attachment-423462" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423462 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgcfg.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgcfg-300x73.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgcfg-768x187.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgcfg-1024x249.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgcfg.jpg 1430w" alt="" width="1430" height="348" /><figcaption id="caption-attachment-423462" class="wp-caption-text">Image 6 – Steps to receive a “special deal”</figcaption></figure> <p>However, the attempts to make payment often appear to fail, or the recipient is informed that the prize is no longer available.</p> <figure id="attachment_423463" 
aria-describedby="caption-attachment-423463" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423463 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgfcfg.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgfcfg-300x161.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgfcfg-768x411.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgfcfg-1024x549.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgfcfg.jpg 1430w" alt="" width="1430" height="766" /><figcaption id="caption-attachment-423463" class="wp-caption-text">Image 7 – Failed attempts to claim rewards</figcaption></figure> <p>An unsuspecting user may simply give up at this point, disappointed that they won’t be getting their free gift. What they may not be aware of, is that they have just given their credit card details away in a phishing scam.</p> <p>In their <a href="https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf">2021 Internet Crime Report</a>, the Internet Crime Complaint Center (IC3) said that Non-Payment / Non-Delivery scams such as these led to more than $337 million in losses, up from $265 million in 2020. 
Credit card fraud amounted to $172 million in 2021 and has been climbing continuously at a conservative rate of 15-20 percent since 2019.</p> <p>According to <a href="https://umbrella.cisco.com/">Cisco Umbrella</a>, many of the sites asking for credit card details are known phishing sites, or worse, host malware.</p> <figure id="attachment_423464" aria-describedby="caption-attachment-423464" style="width: 936px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423464 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcfgcgf.jpg" sizes="(max-width: 936px) 100vw, 936px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcfgcgf-300x157.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcfgcgf-768x402.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcfgcgf.jpg 936w" alt="" width="936" height="490" /><figcaption id="caption-attachment-423464" class="wp-caption-text">Image 8 – Malicious domain hosting survey scams</figcaption></figure> <h2><strong><span style="color: #6abf4b;">Your package is in route</span></strong></h2> <p>Another topic that we covered the last time we explored these types of scams was package delivery spam. These continue to circulate today. 
There are a variety of shipping companies impersonated in these campaigns, and some generic ones as well.</p> <figure id="attachment_423465" aria-describedby="caption-attachment-423465" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423465 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcgfcfgc.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcgfcfgc-300x145.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcgfcfgc-768x371.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcgfcfgc-1024x494.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gfcgfcfgc.jpg 1430w" alt="" width="1430" height="690" /><figcaption id="caption-attachment-423465" class="wp-caption-text">Image 9 – Package scam emails</figcaption></figure> <p>Many of these campaigns claim that a package could not be delivered. 
If the recipient clicks on a link in an email, they’re brought to a web page that explains that there are outstanding delivery fees that need to be paid.</p> <figure id="attachment_423466" aria-describedby="caption-attachment-423466" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423466 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgfcf.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgfcf-300x144.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgfcf-768x369.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgfcf-1024x492.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcgfcf.jpg 1430w" alt="" width="1430" height="687" /><figcaption id="caption-attachment-423466" class="wp-caption-text">Image 10 – Steps in package delivery phishing scam</figcaption></figure> <p>The recipient is further enticed by suggestions that the package contains a big-ticket item, such as an iPhone or iPad Pro. 
All the recipient is required to do is enter their credit card details to cover the shipping.</p> <figure id="attachment_423467" aria-describedby="caption-attachment-423467" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423467 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgc.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgc-300x68.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgc-768x175.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgc-1024x233.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgc.jpg 1430w" alt="" width="1430" height="326" /><figcaption id="caption-attachment-423467" class="wp-caption-text">Image 11 – Credit card entry steps in package delivery phishing scam</figcaption></figure> <p>While no outright malicious activity was detected while examining these emails in Secure Malware Analytics, several suspicious behaviors were flagged. 
Chances are the bad actors behind these campaigns are phishing for credit card details.</p> <figure id="attachment_423468" aria-describedby="caption-attachment-423468" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423468 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcfcfgc-768x545.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcfcfgc-300x213.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fgcfcfgc-768x545.jpg 768w" alt="" width="640" height="454" /><figcaption id="caption-attachment-423468" class="wp-caption-text">Image 12 – Indications of phishing activity</figcaption></figure> <h2><span style="color: #6abf4b;"><strong>Plain-text messages</strong></span></h2> <p>Sometimes the simplest approaches can work just as well as the flashiest. This certainly holds true with spam campaigns, given the prominence of plain-text messages.</p> <figure id="attachment_423469" aria-describedby="caption-attachment-423469" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423469 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgcg.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgcg-300x155.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgcg-768x397.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgcg-1024x529.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcfgcg.jpg 1430w" alt="" width="1430" height="739" /><figcaption id="caption-attachment-423469" class="wp-caption-text">Image 13 – Plain-text spam email examples</figcaption></figure> <p>The topics covered in such emails run the gamut, including medical cures, 419 scams, 
romance and dating, pharmaceuticals, weight loss, and many of the scam types we’ve already covered. Many of these link to phishing sites, though some attempt to establish a dialog with the recipient, with the aim of tricking them into sending the scammers money.</p> <p>The IC3 report says that victims of confidence fraud and romance scams lost $956 million collectively, which is up from $600 million in 2020. Healthcare fraud, such as miracle pill and prescription scams, resulted in $7 million in losses in 2021, down from nearly $30 million in 2020. While these types of scams seem generic and easily spotted, they still work, so it’s important to be aware of them and avoid them.</p> <h2><strong><span style="color: #6abf4b;">Problems with your account</span></strong></h2> <p>Many emails hitting the spam folder attempt to trick users of various services into believing that there is a problem with their account. The problems cover all sorts of services, including streaming platforms, email providers, antivirus subscriptions, and even public records.</p> <figure id="attachment_423470" aria-describedby="caption-attachment-423470" style="width: 1405px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423470 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcf.jpg" sizes="(max-width: 1405px) 100vw, 1405px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcf-300x168.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcf-768x431.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcf-1024x574.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfgcf.jpg 1405w" alt="" width="1405" height="788" /><figcaption id="caption-attachment-423470" class="wp-caption-text">Image 14 – Emails indicating problems with an account</figcaption></figure> <p>If the links are clicked, the recipient is presented with landing pages that mimic the 
respective services. Any details that are entered will likely be phished, leading to account takeover and/or access to personal records. However, some domains encountered in these cases may do more than just steal information; they could deliver malware too.</p> <figure id="attachment_423471" aria-describedby="caption-attachment-423471" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="size-medium_large wp-image-423471" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgcfg-768x530.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgcfg-300x207.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcfcgcfg-768x530.jpg 768w" alt="" width="640" height="442" /><figcaption id="caption-attachment-423471" class="wp-caption-text">Image 15 – Likely malicious activity</figcaption></figure> <h2><strong><span style="color: #6abf4b;">Billing scams</span></strong></h2> <p>Another frequently encountered scam involves billing. 
Many of these appear to be unexpected bills for services the recipient never purchased.</p> <figure id="attachment_423472" aria-describedby="caption-attachment-423472" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423472 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hchfcchc.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hchfcchc-300x70.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hchfcchc-768x180.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hchfcchc-1024x241.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hchfcchc.jpg 1430w" alt="" width="1430" height="336" /><figcaption id="caption-attachment-423472" class="wp-caption-text">Image 16 – Billing scam examples</figcaption></figure> <p>These emails include attachments that are designed to look like official invoices. Interestingly, most of the attachments that we looked at this time were harmless. 
The goal is to get the recipient to call what appears to be a toll-free number.</p> <figure id="attachment_423473" aria-describedby="caption-attachment-423473" style="width: 1430px" class="wp-caption aligncenter"><img loading="lazy" class="wp-image-423473 size-full" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gvhgvgh.jpg" sizes="(max-width: 1430px) 100vw, 1430px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gvhgvgh-300x109.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gvhgvgh-768x279.jpg 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gvhgvgh-1024x372.jpg 1024w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/gvhgvgh.jpg 1430w" alt="" width="1430" height="519" /><figcaption id="caption-attachment-423473" class="wp-caption-text">Image 17 – Billing scam attachments</figcaption></figure> <p>While we haven’t called any of these numbers, the experience usually unfolds like a standard customer service call. In the end the “agents” simply claim the charges—which never existed in the first place—have been removed. 
Meanwhile the scammers steal any personal or financial information provided during the call.</p> <h2><strong><span style="color: #6abf4b;">Malicious billing scams</span></strong></h2> <p>While most billing scams we encountered played out as described above, a few did indeed contain malware.</p> <p>In this example, the email appears to come from an internet service provider, informing us that our monthly bill is ready.</p> <figure id="attachment_423474" aria-describedby="caption-attachment-423474" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="size-medium_large wp-image-423474" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvdhgavf-768x566.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvdhgavf-300x221.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/ghvdhgavf-768x566.jpg 768w" alt="" width="640" height="472" /><figcaption id="caption-attachment-423474" class="wp-caption-text">Image 18 – A malicious billing scam email</figcaption></figure> <p>An invoice appears to be attached, stored within a .zip file. 
If the recipient opens it and double clicks the file within, a command prompt appears.</p> <figure id="attachment_423475" aria-describedby="caption-attachment-423475" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="size-medium_large wp-image-423475" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/dfffew-768x406.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/dfffew-300x158.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/dfffew-768x406.jpg 768w" alt="" width="640" height="338" /><figcaption id="caption-attachment-423475" class="wp-caption-text">Image 19 – Command prompt launched by attachment</figcaption></figure> <p>This may seem unusual to the recipient, especially since no invoice appears, but by this point it’s too late. The file contains a script that launches PowerShell and attempts to download a remote file.</p> <figure id="attachment_423476" aria-describedby="caption-attachment-423476" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="size-medium_large wp-image-423476" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgfg-768x261.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgfg-300x102.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/fcgfcgfg-768x261.jpg 768w" alt="" width="640" height="218" /><figcaption id="caption-attachment-423476" class="wp-caption-text">Image 20 – Contents of batch file</figcaption></figure> <p>While the remote file was no longer available at the time of analysis, there is a high likelihood it was malicious. 
But even though we were unable to determine its contents, Secure Malware Analytics flagged the script execution as malicious.</p> <figure id="attachment_423477" aria-describedby="caption-attachment-423477" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" class="size-medium_large wp-image-423477" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hfhgfghffhg-768x322.jpg" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hfhgfghffhg-300x126.jpg 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/hfhgfghffhg-768x322.jpg 768w" alt="" width="640" height="268" /><figcaption id="caption-attachment-423477" class="wp-caption-text">Image 21 – Script launching PowerShell to download further files</figcaption></figure> <h2><strong><span style="color: #6abf4b;">Defending yourself</span></strong></h2> <p>Knowing about prevalent scams, especially during the holiday season, is a first step in guarding against them. Granted, the bad actors who distribute these spam campaigns do everything they can to make their scams look legitimate.</p> <p>Fortunately, there are several things that you can do to identify scams and defend against them:</p> <ul> <li>Be wary of any unsolicited offers, giveaways, and other suspicious communications.</li> <li>Check that the sender’s email address corresponds with the organization it claims to come from. In many of the examples above it does not. A matching address is not proof on its own, since sender addresses can be spoofed.</li> <li>When holiday shopping, stick to known vendors, visiting their websites directly or using their official apps.</li> <li>Do not open links or attachments in emails coming from unknown sources.</li> </ul> <p>But even the best of us can be fooled, and when overseeing a large operation it’s more a matter of when, rather than if, someone clicks on the wrong link. 
There are elements of the Cisco Secure portfolio that can help when the inevitable happens.</p> <p><a href="https://www.cisco.com/c/en/us/products/security/threat-grid/index.html">Cisco Secure Malware Analytics</a> is the malware analysis and malware threat intelligence engine behind all products across the Cisco Security Architecture. The system delivers enhanced, in-depth, advanced malware analysis and context-rich intelligence to help better understand and fight malware within your environments. Secure Malware Analytics is available as a standalone solution, as a component in other Cisco Security solutions, and through software-as-a-service (SaaS) in the cloud, on-premises, and hybrid delivery models.</p> <p><a href="https://www.cisco.com/site/us/en/products/security/secure-email/index.html">Cisco Secure Email</a> protects against fraudulent senders, malware, phishing links, and spam. Its advanced threat detection capabilities can uncover known, emerging, and targeted threats. In addition, it defends against phishing by using advanced machine learning techniques, real-time behavior analytics, relationship modeling, and telemetry that protects against identity deception–based threats.</p> <p><a href="https://umbrella.cisco.com/">Cisco Umbrella</a> unifies multiple security functions in a single cloud service to secure internet access. By enforcing security at the DNS layer, Umbrella blocks requests to malware before a connection is even established—before they reach your network or endpoints. 
In addition, the secure web gateway logs and inspects all web traffic for greater transparency, control, and protection, while the cloud-delivered firewall helps to block unwanted traffic.</p> <p><a href="https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html">Cisco Secure Endpoint</a> is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. The <a href="https://www.cisco.com/site/us/en/products/security/securex-platform/index.html">SecureX</a> platform is built into Secure Endpoint, as are Extended Detection and Response (XDR) capabilities. With the introduction of <a href="https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/secure-mdr-for-endpoint.html">Cisco Secure MDR for Endpoint</a>, we have combined Secure Endpoint’s superior capabilities with security operations to create a comprehensive endpoint security solution that dramatically decreases the mean time to detect and respond to threats while offering the highest level of always-on endpoint protection.</p> <p><a href="https://cisco.com/go/threatwise" target="_blank" rel="noopener"><img loading="lazy" class="aligncenter wp-image-423537 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/Screenshot-2022-12-07-at-9.33.04-AM-768x181.png" sizes="(max-width: 768px) 100vw, 768px" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/Screenshot-2022-12-07-at-9.33.04-AM-300x71.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/12/Screenshot-2022-12-07-at-9.33.04-AM-768x181.png 768w" alt="" width="640" height="151" /></a></p> <hr /> <p style="text-align: center;"><em>We’d love to hear what you think. 
Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!</em></p> </div><!-- .entry-content --> <div class="author-section"> <div><h2>Authors</h2></div> <div class="auth-row"> <div class="blog-row author-bio"> <div class="item-thirds-1 author-bio-box" > <div class="author-info"> <h3><a href="https://blogs.cisco.com/author/bennahorney"> Ben Nahorney</a> </h3> <h4 class="title">Threat Intelligence Analyst </h4> <h4>Cisco Security</h4> </div> </div><!--end author image and name--> </div><!-- .author-bio --> </div> </div> <footer class="entry-footer"> </footer><!-- .entry-footer --> </article> <div 
id="tags-container">Tags: <a href="https://blogs.cisco.com/tag/cisco-umbrella" rel="tag">Cisco Umbrella</a> <a href="https://blogs.cisco.com/tag/holiday" rel="tag">holiday</a> <a href="https://blogs.cisco.com/tag/phishing" rel="tag">phishing</a> <a href="https://blogs.cisco.com/tag/secure-email" rel="tag">secure email</a> <a href="https://blogs.cisco.com/tag/secure-endpoint" rel="tag">Secure Endpoint</a> <a href="https://blogs.cisco.com/tag/secure-malware-analytics" rel="tag">Secure Malware Analytics</a> <a href="https://blogs.cisco.com/tag/spam" rel="tag">spam</a> <a href="https://blogs.cisco.com/tag/threat-insights" rel="tag">threat insights</a> <hr id="comment-break-line"> </div> </main><!-- #main --> </div><!-- #primary -->
 </div><!-- #content --> <!-- Open Social Footer --> <div id="social-footer" class="blog-row"> <ul class="social-footer-item item-full"> <h5> CONNECT WITH US </h5> <ul id="social-icons-list"> <li> <a href="https://www.linkedin.com/company/cisco/" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's LinkedIn"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><path d="m24.80382,24.53603l-3.70694,0l0,-5.62559c0,-1.34209 -0.02431,-3.06801 -1.92709,-3.06801c-1.92986,0 -2.22361,1.46262 -2.22361,2.97171l0,5.72189l-3.70347,0l0,-11.56902l3.55417,0l0,1.58181l0.05069,0c0.49445,-0.90976 1.70486,-1.86868 
3.50903,-1.86868c3.75347,0 4.44722,2.39528 4.44722,5.51111l0,6.34478zm-15.74236,-13.1495c-1.19097,0 -2.15139,-0.934 -2.15139,-2.08552c0,-1.15084 0.96042,-2.08485 2.15139,-2.08485c1.18611,0 2.14931,0.93401 2.14931,2.08485c0,1.15152 -0.9632,2.08552 -2.14931,2.08552l0,0zm1.85486,13.1495l0,-11.56902l-3.71111,0l0,11.56902l3.71111,0zm15.73403,-20.65724l-21.30556,0c-1.01736,0 -1.84444,0.78249 -1.84444,1.74815l0,20.74545c0,0.96499 0.82708,1.74882 1.84444,1.74882l21.30556,0c1.02014,0 1.84931,-0.78383 1.84931,-1.74882l0,-20.74545c0,-0.96566 -0.82917,-1.74815 -1.84931,-1.74815l0,0z" fill="#fff" fill-rule="evenodd"></path></svg></a></li> <li> <a href="https://twitter.com/ciscosecure" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's Twitter"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <path d="M25.2019 2H30.1087L19.3887 13.8605L32 30H22.1254L14.3913 20.2115L5.54174 30H0.631901L12.0981 17.3138L0 2H10.1252L17.1162 10.9471L25.2019 2ZM23.4797 27.1569H26.1987L8.64785 4.69374H5.73013L23.4797 27.1569Z" fill="#fff"/> </svg></a></li> <li> <a href="https://www.facebook.com/cisco/" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's Facebook"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><path d="m26.62006,4l-22.2403,0c-0.7622,0 -1.37976,0.59894 -1.37976,1.33804l0,21.56635c0,0.73891 0.61756,1.33803 1.37976,1.33803l11.97343,0l0,-9.38796l-3.25793,0l0,-3.65868l3.25793,0l0,-2.69815c0,-3.13113 1.97213,-4.83613 4.85266,-4.83613c1.37975,0 2.56571,0.09955 2.91135,0.14415l0,3.2722l-1.99788,0.00091c-1.56654,0 -1.86993,0.72183 -1.86993,1.7812l0,2.33582l3.7362,0l-0.48652,3.65868l-3.24968,0l0,9.38796l6.37067,0c0.76191,0 1.37975,-0.59912 1.37975,-1.33803l0,-21.56635c0,-0.7391 -0.61784,-1.33804 -1.37975,-1.33804" fill="#fff"></path></svg></a></li> <li> <a 
href="https://www.instagram.com/cisco/?hl=en" target="_blank" rel=”noopener noreferrer” tabindex="0" alt= "Go to Cisco's Instagram"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g fill="#fff"><path d="m22.23823,2.07724l-12.4768,0c-4.23706,0 -7.68419,3.44729 -7.68419,7.68435l0,12.4768c0,4.23723 3.44713,7.68436 7.68419,7.68436l12.4768,0c4.23739,0 7.68452,-3.4473 7.68452,-7.68436l0,-12.4768c0.00016,-4.23706 -3.44713,-7.68435 -7.68452,-7.68435zm5.21409,20.16115c0,2.87494 -2.33899,5.21377 -5.21393,5.21377l-12.47696,0c-2.87478,0.00016 -5.2136,-2.33883 -5.2136,-5.21377l0,-12.4768c0,-2.87477 2.33882,-5.21376 5.2136,-5.21376l12.4768,0c2.87494,0 5.21393,2.33899 5.21393,5.21376l0,12.4768l0.00016,0z"></path><path d="m15.99999,8.82524c-3.9564,0 -7.17508,3.21868 -7.17508,7.17508c0,3.95624 3.21868,7.17476 7.17508,7.17476c3.9564,0 7.17509,-3.21852 7.17509,-7.17476c0,-3.9564 -3.21869,-7.17508 -7.17509,-7.17508zm0,11.87908c-2.59395,0 -4.70449,-2.11021 -4.70449,-4.70416c0,-2.59412 2.11038,-4.7045 4.70449,-4.7045c2.59412,0 4.7045,2.11038 4.7045,4.7045c0,2.59395 -2.11054,4.70416 -4.7045,4.70416z"></path><path d="m23.47599,6.73035c-0.476,0 -0.9436,0.1927 -1.27976,0.53035c-0.33781,0.336 -0.532,0.80376 -0.532,1.28141c0,0.47617 0.19435,0.94377 0.532,1.28141c0.336,0.336 0.80376,0.53036 1.27976,0.53036c0.47765,0 0.94377,-0.19436 1.28141,-0.53036c0.33765,-0.33764 0.53036,-0.80541 0.53036,-1.28141c0,-0.47765 -0.19271,-0.94541 -0.53036,-1.28141c-0.336,-0.33765 -0.80376,-0.53035 -1.28141,-0.53035z"></path></g></svg></a></li> <li> <a href="https://www.youtube.com/user/Cisco/welcome" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's Youtube"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><path d="m12.73901,19.93335l-0.00144,-8.54172l8.47104,4.28574l-8.4696,4.25598zm18.59878,-10.02146c0,0 
-0.30631,-2.09493 -1.24635,-3.01746c-1.19214,-1.21081 -2.52842,-1.21682 -3.14122,-1.28769c-4.38704,-0.30753 -10.96784,-0.30753 -10.96784,-0.30753l-0.01363,0c0,0 -6.58064,0 -10.96784,0.30753c-0.61283,0.07087 -1.94862,0.07688 -3.14119,1.28769c-0.93998,0.92253 -1.24586,3.01746 -1.24586,3.01746c0,0 -0.31352,2.46013 -0.31352,4.92024l0,2.30635c0,2.46008 0.31352,4.92018 0.31352,4.92018c0,0 0.30588,2.09496 1.24586,3.01749c1.19257,1.21085 2.7591,1.17254 3.45682,1.29945c2.50808,0.23321 10.65906,0.30539 10.65906,0.30539c0,0 6.58758,-0.00962 10.97462,-0.31712c0.6128,-0.07089 1.94908,-0.07687 3.14122,-1.28772c0.94004,-0.92253 1.24635,-3.01749 1.24635,-3.01749c0,0 0.31306,-2.4601 0.31306,-4.92018l0,-2.30635c0,-2.46011 -0.31306,-4.92024 -0.31306,-4.92024l0,0z" fill="#fff"></path></svg></a></li> </ul> </ul> </div> <!-- Close Social Footer --> </cdc-template-micro> <!-- close cdc-template--> </div><!-- #page -->
<script type="text/javascript" src="//www.cisco.com/c/dam/cdc/t/ctm.js"></script>
<script>
// Serializes the own enumerable keys of `obj` into a query string: each key
// and each value is passed through encodeURIComponent, and the resulting
// `key=value` pairs are joined with "&".
function convert_to_url(obj) {
  return Object
    .keys(obj)
    .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(obj[k])}`)
    .join('&');
}

// Relays token-bearing URL fragments to the server. When the page URL has a
// fragment containing an `access_token`, `id_token` or `token` key, the page
// navigates to the same URL with the fragment's pairs as the query string;
// any query string already present is dropped. Called once, immediately
// below.
//
// NOTE(review): a URL fragment is not sent to the server, but a query string
// is. After this redirect the token is part of the request URL, so it can be
// recorded in server and proxy access logs and in browser history, and it may
// be exposed through Referer headers. The backend is not visible here;
// confirm that it consumes the token and redirects to a clean URL straight
// away, or replace this relay with a flow that never places tokens in the URL
// (for example an authorization-code exchange).
//
// NOTE(review): every pair in the fragment is forwarded, not only the token
// keys, and the fragment is fully controlled by whoever built the link. The
// backend has to treat all of these parameters as untrusted and validate the
// token itself.
function pass_to_backend() {
  if(window.location.hash) {
    var hash = window.location.hash;
    var elements = {};
    // Only the text between the first and second "#" is parsed.
    hash.split("#")[1].split("&").forEach(element => {
      // split("=") keeps only the text before a second "=" as the value, and
      // a pair without "=" gets the value undefined, which convert_to_url
      // later serializes as the string "undefined".
      var vars = element.split("=");
      // Values are stored without decoding, so percent-escapes already
      // present in the fragment are encoded a second time by convert_to_url.
      elements[vars[0]] = vars[1];
    });
    if(("access_token" in elements) || ("id_token" in elements) || ("token" in elements)) {
      if(window.location.href.indexOf("?") !== -1) {
        // Keep what precedes the first "?" and replace the existing query
        // with the fragment's pairs.
        window.location = (window.location.href.split("?")[0] + window.location.hash).split('#')[0] + "?" + convert_to_url(elements);
      } else {
        // No "?" anywhere in the URL: append the pairs to what precedes "#".
        window.location = window.location.href.split('#')[0] + "?" + convert_to_url(elements);
      }
    }
  }
}
pass_to_backend();
</script> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/themes/ciscowordpress/js/navigation.js?ver=20151215' id='ciscowordpress-navigation-js'></script> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/themes/ciscowordpress/js/skip-link-focus-fix.js?ver=20151215' id='ciscowordpress-skip-link-focus-fix-js'></script> </body> </html> <!-- Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/ Served from: blogs.cisco.com @ 2024-12-02 12:41:29 by W3 Total Cache -->