When one thinks of Christmas, an aura of emotion arises. We are reminded of our family reunions, Christmas carols, that aroma of turkey being roasted, the cakes and pastries - don’t forget the Christmas gifts! But before we can wish you a merry Christmas we would like to caution you as you prepare your Christmas shopping list.
Please be careful, especially when you do your Christmas shopping online. Spammers are offering a plethora of fake offers, replicas, medication, and loans at unbelievably low interest rates, as is customary, during this season. Don’t get carried away by their cheap offers because no haute couture brand offers their products at such throw-away prices. We again would like to remind you not to get lured into giving your email credentials without first finding out that the Web site you are shopping on is legitimate and real.
We would like to highlight a few more tricks that spammers have pulled out of their hats this Christmas:
So far, one of the favorite trends employed by spammers is the use of tiny URLs [example: domain.com/abc123] to redirect users to their spam sites.
The next observation is that they have sewn seeds of illusion that we are on the path to an ‘economic recovery’ and that now is the time to throw your fears away and step out to enjoy a really cool and cheap vacation that THEY are offering this Christmas!
Normally spammers begin their Christmas spamming activity around mid-November, but this year they got started on it in October - around Halloween! Spammers know well that this year the economic scenario is not that healthy and the consequence is that consumers are going to be quite discreet in spending. Please refer to our earlier blog ‘Spammers are Ready with Christmas Gifts’.
The spam attacks this Christmas have been quite unique. They can be segregated into three types.
· The usual hit-and-run spam type
· Virus attachments
· Spam phishing mails
Here are a few subject line samples to keep you abreast of these latest trends:
· Subject: CHRISTMAS OFFER !!!!!!
· Subject: XMAS/END OF YEAR BONANZA
· Subject: Be Ripped and Hung this Christmas
· Subject: Just in time for Christmas - cheap watches
· Subject: Christmas Pre-orders
· Subject: Be Ripped and Hung this Christmas
· Subject: Custom Letters From Santa
· Subject: Custom Santa Letters
· Subject: Great Christmas Gift Idea
· Subject: Letter From Santa
· Subject: Letters From Santa Claus
· Subject: Official Santa Letters
· Subject: Personal Letter From Santa
· Subject: Personalized Santa Letter
· Subject: Santa Claus Letters
A sample snapshot of an attack.
Another important variant was a virus attack with the following subject line:
Subject: Fw: Merry Christmas!
Virus name: W32.Erkez.D@mm
Spammy phishing email
It is a new twist to see Christmas offer spam. Recently we encountered a bunch of spam messages promoting various fake product offers that are also phishing at the same time.
A sample screenshot of a phishing email.
In this phishing attack, the spoofed brand is a major online shopping Web site where several products are available with various offers.
Symantec advises users to be cautious, as spam attacks are getting complex. Don’t take a chance; update your anti-spam signatures regularly to avoid your personal information from getting compromised and your computer from getting infected. During this Christmas season and during Thanksgiving, don’t let spammers ‘TurkeyYou’!
All of us here at Symantec wish you a Merry Christmas!
My thanks to the co-authors of this blog: Christopher Mendes and Anand Muralidharan.