Check Point Email Security | Blog

The BCC Attack

Written by Jeremy Fuchs | October 25, 2021

A simple, but effective, way to bypass traditional scanners is by adding the recipient as a BCC.

When rendered, the "to" field has "undisclosed recipients". That just means the field is blank. In the BCC field is the intended recipient. 

The hope is that the recipient will respond, a conversation will ensue, and eventually, money or information will be exchanged.

This is clear spam—in fact, there's no McInnis Parkway in San Jose. But it's another way that hackers have found, with success, of getting into the inbox.