Video Screencast Help
Security Response

Career Opportunities @ Spammers.EDU

Created: 02 Oct 2009 13:12:57 GMT • Updated: 23 Jan 2014 18:32:27 GMT
Mayur Kulkarni's picture
0 0 Votes
Login to vote

Online degree spam has been around for years. However, nowadays these spam campaigns aren’t just limited to passing degree certificates (super fast - within days or weeks), but they also focus on directing recipients to specific degrees. For example, it is common knowledge that there is a shortage of qualified nurses in the US—there are many media reports on the subject. When we examined these attacks over the last six months, we found that spam campaigns for nursing degrees placed in the top five degrees promoted by spammers. Similarly, the shortfall of manpower has also been noticed in the field of law enforcement and accordingly, spammers are advertising more on this career option.

The top five degrees advertised through spam are:

1.    Police Officer
2.    Federal Agent
3.    Nursing
4.    Culinary Arts
5.    Teacher

Other degree options provided and promoted outside of the top five are: Crime Scene Investigation (CSI), Ultrasound Technician, Pharmacy Technician, Radiology, Photography, Paralegal, and Medical Billing.

We also attempted to determine the frequently used words in the message headers:
 
1.    From header: Most of the time this header will indicate an urgency along with obfuscations. “Needed” is the word that is monitored in these instances.

Examples:
+++NURSES NEEDED+++
TEACHERS NEEDED
POLICE OFFICERS NEEDED

Photography Schools
CULINARY TRAINING

2.    Subject header: This header encourages a recipient to pursue a particular career.

Examples:
    Become a CSI !!!
    Become a Ultrasound Technician
    Become a Teacher
    Become a Chef !!n

Advance your career as a Nurse
Go to school without paying out of pocket
You don't need money to become a Medical Assistant.
Scholarships are available for your training!

The text shown in bold is often exchanged in both the headers – Subject and From header. We have been effectively blocking these attacks and see no immediate threat to Symantec users.