In the last couple of months we’ve seen medical image spam offers resurfacing with regularity. Image spam advertising meds is easy to recognize, with a prominent med promotion image in the body. The subject lines advertise the products’ effectiveness and include noise added in the image attachment to attempt to bypass antispam filters. These are old techniques that are still common in med spam.Spammers are also developing new tactics to attract visitors. They attempt to play mind tricks on the spam recipients, using warnings that are similar to what might be received from a system admin and personal greetings in subject lines—both attempts to lower recipients’ awareness in order to get their messages read. We’ve recently observed a round of med spam that is sent in ordinary e-postcard form. In these messages we see that the spammers are using warning-style subject lines in order to try to dupe recipients into thinking they are violating the legal policies of any sites related to them, or the spammers are utilizing personal greetings to catch recipients off guard. The following are some of these particular types of subject lines:
• Form: 30-days ban• Your IP blocked• Open position for you• Give your opinion• Respond to my mail• Are u online?• Don't you mind I ask?• Found you documents• Hold this information• I'm tired to write• Meet me in airport• My main mail blocked• No result, reply again!• See your photo• Seeking for you! Answer• So, meet me now• Where the heck are u?• Whoa, what's up?
The sample message shown below demonstrates the legitimate look of these emails, with links such as “Unsubscribe,” “Email opt-outs,” “Privacy policy,” and even forwarding links to popular social networks. All of the links in the postcard will redirect users to a typical med offer page.Sample headers:
From: "Randomized user name" <Recipient’s email address>Subject: Form: 30-days ban
From: "Randomized user name" <Recipient’s email address>Subject: My main mail blocked