Cybercriminals are using a high-volume spam campaign featuring phishing messages with randomized headers and changing templates to attack organizations, according to Trustwave, a Top 200 MSSP for 2019.The spam campaign, dubbed "Chameleon," was first identified by Trustwave SpiderLabs researchers on Aug. 14. Chameleon spam messages originated from across the globe and had similar unique email header and body characteristics indicating that they were being sent from the same botnet.The Chameleon botnet sent out a wide range of spam variants, including:Fake Google personal or private messages. Fake email account security alerts. Fake broken or undelivered email messages from a mail server. Fake LinkedIn message and profile view messages. Fake FedEx delivery notification. Fake airline booking invoice. Each Chameleon email featured a brief subject line to lure a victim to open the message, Trustwave noted. The email body also was brief to encourage a victim to click on a malicious link, and many of the lure URLs embedded in Chameleon messages consisted of WordPress websites.