Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

Beware of Fake Gift Offers for Father’s Day

Created: 10 Jun 2013 13:27:32 GMT • Updated: 23 Jan 2014 18:06:44 GMT • Translations available: 日本語
Anand Muralidharan's picture
0 0 Votes
Login to vote

A lot of people are counting down the days until they can express their appreciation and love towards their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day, now it’s the turn of Father’s Day, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails attempt to encourage users to take advantage of product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer.

Figure1_1.png

Figure 1. Gift offer spam

Figure2_0.png

Figure 2. Product spam related to Father’s Day

Spammers will always try to take advantage of unsuspecting users by asking them to input personal information to avail of bogus offers for purchasing products. Symantec recently blogged about the rise of .pw URLs in spam messages and we are currently observing an increase in spam messages containing the .pw top-level domain (TLD) URLs in and around the times of major events, festivals, and holidays. Below are some examples of the From header, using .pw URLs, that have been observed in Father’s Day spam:

  • From: “Personalized Father's Day Gifts" <support@[REMOVED].pw>
  • From: Quick Father Gifts <cigarformen@[REMOVED].pw>
  • From: Cigars for Dad <cigarformen@[REMOVED].pw>
  • From: Fathers Day Cigars <cigarformen@[REMOVED].pw>

Figure3_0.png
Figure 3. Fake discount spam using Father’s Day as a lure

Spammers invite users to purchase the advertised product with a bogus coupon code and make false promises such as claiming the “materials used are the same as original.” The discount codes used in the spam attacks, such as dad[RANDOM NUMBERS] and father[RANDOM NUMBERS], attempt to lure users into clicking a link in order to take advantage of the Father’s Day offer.

Figure4_0.png

Figure 4. Fake product discount spam

Symantec is observing an increase in spam volume related to Father’s Day, which can be seen in the following graph.

Figure5.png

Figure 5. Volume trend of Father’s Day spam

Below are some of the subject lines used in this latest spam campaign:

  • Subject: 15 Cigars for 29.95 (68% off Fathers Day sale!)
  • Subject: The perfect gift for Fathers day only costs 32% of the original price!
  • Subject: Regarding Father's Day orders
  • Subject: Personalized Gifts for All The Dads In Your Life
  • Subject: Top Personalized Fathers Day Gifts
  • Subject: Get relief from chronic spine conditions. Father's Day Discount Available
  • Subject: Don't forget your father
  • Subject: Don't forget about your father
  • Subject: Complete our Father's Day Survey and Claim a $25 xxx Gift Card
  • Subject: Endoscopic alternative to neck and back surgery is here. Father's Day Discount Available

Symantec advises users to use caution when receiving unsolicited or unexpected emails. We are closely monitoring Father’s Day spam attacks to ensure that users are kept up to date with information on the latest threats.

Have a safe and happy Father’s Day!