Spam emails promising financial rewards, miracle health products, gambling bonuses, or urgent payment requests are a familiar nuisance. But what is far less understood is the infrastructure sitting behind them and how attackers are abusing trusted names like Google and The New York Times to make their campaigns harder to detect.
To find out, Comparitech investigated spam and phishing emails received in a standard consumer inbox, tracing the links through Google Cloud Storage and on to attacker-controlled infrastructure. The research uncovered a coordinated global network of 12,704 internet-facing servers across 55 countries, many of which served near-identical landing pages containing scraped New York Times content apparently to appear benign to scanners, researchers, and visitors who are not selected targets.
Key findings include:
- Thousands of internet-facing servers across dozens of countries were found to be part of a coordinated global phishing infrastructure linked to spam campaigns targeting everyday consumers.
- Attackers are abusing Google Cloud Storage links to improve email deliverability and sidestep spam filters, exploiting the trusted reputation of a major platform to reach more victims.
- Servers redirected targets to near-identical landing pages packed with scraped New York Times content, a deliberate technique to appear legitimate to security scanners while serving phishing pages to identified targets.
- The vast majority of discovered hosts were running end-of-life software, indicating a sprawling, largely unmanaged infrastructure with little operational overhead for the attackers.
- Infrastructure was spread across hundreds of different hosting providers, making coordinated takedowns extremely difficult for any single platform or authority to take action.
- Most servers had no prior abuse reports on record, suggesting the infrastructure is rapidly provisioned, frequently rotated, or purpose-built for short-lived redirection, all tactics designed to evade detection.
Here is a link to the full study: https://www.comparitech.com/news/how-spammers-are-hiding-behind-google-and-the-new-york-times/
Related
This entry was posted on June 10, 2026 at 9:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The global spam machine hiding behind Google and the New York Times
Spam emails promising financial rewards, miracle health products, gambling bonuses, or urgent payment requests are a familiar nuisance. But what is far less understood is the infrastructure sitting behind them and how attackers are abusing trusted names like Google and The New York Times to make their campaigns harder to detect.
To find out, Comparitech investigated spam and phishing emails received in a standard consumer inbox, tracing the links through Google Cloud Storage and on to attacker-controlled infrastructure. The research uncovered a coordinated global network of 12,704 internet-facing servers across 55 countries, many of which served near-identical landing pages containing scraped New York Times content apparently to appear benign to scanners, researchers, and visitors who are not selected targets.
Key findings include:
Here is a link to the full study: https://www.comparitech.com/news/how-spammers-are-hiding-behind-google-and-the-new-york-times/
Share this:
Like this:
Related
This entry was posted on June 10, 2026 at 9:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.