Lately our employees have been receiving emails with no content - no links, attachments or text. One of the more popular subject lines is “Sad”. If our anti-malware software was removing dangerous content it would notify us (and refuse to deliver the email), so it seems these emails are being deliberately sent with no payload. My guess is that the purpose of these is to test email addresses. If the email doesn’t bounce the sender knows it’s a valid address that can be targeted for future attacks. Can anyone confirm this or offer another explanation?
I’ve heard it’s a common tactic to send a benign email so the user gets used to seeing the sender and subject. We had a slew of them last year - but those had a small amount of text. Thanks for letting us know about this.
Make sure your Domain hosting site has a SPN so it can’t be spammed with fake @(yourdomain) messages. MXLookup.com
Agreed, I second that: look into either an SPN, SPF or DKIM.
@jhclogg I think it is someone trying to see if emails bounced like you said. It is a common tactic for people to scope out a target and send attacks to people’s Inbox when they know they can get through. I agree with the others here that it is a sign to start taking extra measures to secure yourself and others who may be susceptible to receiving the malicious emails, let alone click on payloads within emails.
There have been occurrences of blank emails that were found delivering an attachment with Cerber.Zip files, which is ransomware. Though I know the example given by @jhclogg didn’t have the attachment in the email. They have an obfuscated/encoded .js file according to an article I found. It is in the form of a malicious Word doc.
Here is an informative article on how to protect yourself from these types of attacks. Hope it helps!
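For mail admins following this thread, a triage sketch for the two cases discussed above: messages that are completely empty, and blank-bodied messages that carry only an attachment. This is an added example, not code from any poster; the function names and the sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string, policy

def classify(raw):
    """Return 'empty', 'attachment-only' or 'normal' for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    has_attachment, text = False, ""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    # Drop tags, &nbsp; and whitespace so an empty HTML shell counts as blank.
    visible = re.sub(r"<[^>]+>|&nbsp;|\s+", "", text)
    if visible:
        return "normal"
    return "attachment-only" if has_attachment else "empty"

def empty_subject_counts(raws):
    """Count fully empty messages per subject line to surface a probe wave."""
    counts = Counter()
    for raw in raws:
        if classify(raw) == "empty":
            subject = message_from_string(raw, policy=policy.default)["Subject"]
            counts[str(subject or "")] += 1
    return counts

# Constructed sample messages (not taken from the thread).
HDR = "From: sender@example.net\nTo: user@example.org\nSubject: {}\n"
EMPTY = HDR.format("Sad") + "\n\n"
EMPTY_HTML = HDR.format("Sad") + "Content-Type: text/html\n\n<html><body><br></body></html>\n"
NORMAL = HDR.format("Lunch") + "\nSee you at noon.\n"
ATTACH_ONLY = HDR.format("Scan") + (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\n\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="sample.bin"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)

if __name__ == "__main__":
    batch = [EMPTY, EMPTY_HTML, NORMAL, ATTACH_ONLY]
    for raw in batch:
        print(classify(raw))
    print(empty_subject_counts(batch))
```

A spike in one subject among the empty messages, spread across many recipients, is the pattern worth escalating; attachment-only messages should go to the attachment sandbox rather than being counted here.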