Snowshoe spam is a type of email spam that spammers send from many IP addresses and domains to avoid being caught by spam filters. Instead of sending their spam from a few IP addresses that can be easily identified, snowshoe spammers use multiple IP addresses and send smaller batches of spam from each one.
This, in fact, is how snowshoe spam got its name. Just as a snowshoe distributes your body weight across a larger surface area and allows you to stay on top of the snow, snowshoe spamming disperses the unwanted, unasked-for emails across many IP addresses and domains in order to avoid detection.
How snowshoe spam works
Snowshoe spammers craft spam emails that look legitimate. These emails often include required components, such as unsubscribe options, but snowshoe spammers do not follow up on opt-out or unsubscribe requests. Instead, they use fake Whois information and false business names to disguise their intent.
Once the email spam is ready to send, snowshoe spammers use a variety of tactics to avoid being caught. They use multiple IP addresses and domains to send the email spam. They also change the domains and IP addresses frequently to dilute their reputation metrics and avoid being blacklisted.
Snowshoe spammers sometimes create fake subdomains that include the name of a well-known business to convince recipients to open the email and click on links inside. Once an employee clicks on one of the email links, it is too late to stop a malware attack.
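Because each IP address sends only a small batch, per-IP volume checks miss this pattern; grouping inbound mail by content instead makes the spread visible. The following is an added example, not code from the original article or from any product it mentions: the log records are constructed, and the function names and thresholds are illustrative assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample records (not real traffic): (source IP, sender domain, body).
# IPs are from the RFC 5737 documentation ranges; domains use reserved .example names.
SAMPLE_LOG = [
    ("192.0.2.10", "deals-a.example", "Claim your reward now! Ref 48213"),
    ("192.0.2.77", "deals-b.example", "Claim your reward now! Ref 99121"),
    ("198.51.100.5", "offers-c.example", "Claim your  reward now! Ref 10007"),
    ("198.51.100.9", "offers-c.example", "claim your reward now! ref 5561"),
    ("203.0.113.40", "promo-d.example", "Claim your reward now! Ref 73"),
    ("203.0.113.200", "news.example", "Weekly clinic newsletter, issue 12"),
    ("203.0.113.200", "news.example", "Weekly clinic newsletter, issue 13"),
    ("203.0.113.200", "news.example", "Weekly clinic newsletter, issue 14"),
    ("192.0.2.250", "partner.example", "Invoice 2207 attached for review"),
]

def fingerprint(body):
    """Hash the body with case, whitespace and digits normalized, so per-message
    tokens (reference numbers) do not split one campaign into many."""
    text = re.sub(r"\d+", "#", body.lower())
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]

def find_snowshoe_campaigns(records, min_ips=4, min_domains=3, max_per_ip=2):
    """Flag content seen from many IPs and domains with few messages per IP.
    The thresholds are illustrative assumptions, not tuned values."""
    per_ip = defaultdict(lambda: defaultdict(int))  # fingerprint -> ip -> count
    domains = defaultdict(set)                      # fingerprint -> sender domains
    for ip, domain, body in records:
        fp = fingerprint(body)
        per_ip[fp][ip] += 1
        domains[fp].add(domain)
    flagged = []
    for fp, counts in per_ip.items():
        spread = len(counts) >= min_ips and len(domains[fp]) >= min_domains
        if spread and max(counts.values()) <= max_per_ip:
            flagged.append({"fingerprint": fp, "ips": sorted(counts),
                            "domains": sorted(domains[fp]),
                            "messages": sum(counts.values())})
    return flagged

if __name__ == "__main__":
    for campaign in find_snowshoe_campaigns(SAMPLE_LOG):
        print(campaign)
```

On the sample data, the five "reward" messages are grouped into one flagged campaign, while the newsletter sent repeatedly from a single IP address and the one-off invoice are not.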
The risks of snowshoe spam
While some snowshoe spam is annoying but not dangerous, threat actors also create snowshoe spam that carries malware. These emails are a threat to the healthcare industry because they can cause data breaches, spread computer viruses, or shut down a provider's entire computer network until an expensive ransom is paid.
This type of cyberattack is on the rise, according to the FBI’s Internet Crime Complaint Center (IC3). The IC3’s 2020 Internet Crime Report points out that business email compromise (BEC) attacks reached record levels in 2020, with associated adjusted losses of $1.8 billion.
The healthcare industry is particularly vulnerable to snowshoe spam attacks because it stores valuable protected health information (PHI), often using legacy devices that should have been updated long ago. In addition, healthcare employees work long hours in high-stress situations. Under these conditions, it is easy for threat actors to use social engineering to entice healthcare workers to click on a link in a spam email, triggering a malware attack or allowing access to PHI.
Paubox Email Suite Plus combats snowshoe spam
Strong email security is key to preventing snowshoe spam from landing in employees' email inboxes. Paubox Email Suite Plus not only allows covered entities to send HIPAA compliant email by default, but it also includes inbound email security features that block malware-carrying email spam.
Paubox Email Suite Plus comes with ExecProtect, a patented feature that prevents snowshoe spammers from sending display name spoofing emails that appear to come from your CEO or senior managers. Paubox Email Suite integrates with Google Workspace, Microsoft Exchange, or Microsoft 365 and delivers emails directly to patients’ inboxes without requiring a portal or password. Doctors can do business as usual without changing their work routines.