Replica watches are all the rage these days. It seems with all the spam that I’ve seen lately about replica watches, they are the "must have" of the season. Come get your replica watch at hundreds and sometimes thousands of dollars off the retail price of the authentic version!
Replica watches are not a new thing. No, they have been hawked on the Internet and streets of major cities for a long, long time. What we at Symantec have recently been seeing, is wave after wave of email spam regarding replica watches over the past few days. Most of these attacks have been high in volume.
What specifically are theses spammers hawking? Replicas of Rolex, Cartier, Breitling, Omega, Hermes, and many other top brands. When you click on the link provided in the spam emails, the intent of the spammers becomes obvious as you are taken to Web sites with large pictures of the wares that they are trying to sell. Every time I open a link to a replica site, I can almost hear the distant call of a hawker on a street corner shouting out his wares, “Get your Rolex here! I've got Omega for you!”
I do not endorse the purchasing of replica watches via a spam advertisement, nor do I think they are the must have of the season. What season would that be anyway? What I find interesting is the apparent increase in this spam type with no direct correlation to anything. For example, we will usually see an increase in flower-related spam close to Mother’s Day and an increase in fine chocolate spam close to Valentine’s Day. Increases in products, like replica watches, usually occur closer to more general gift-giving times, like graduation and Christmas, which is why I am surprised that spam about replica watches seems to be peaking now. I think there would be a more lucrative time for this product.
In most of the replica watch attacks we’ve seen, the spammer has utilized the hijack technique as described in this past blog. The body is often a legitimate-looking message such as a newsletter, which (at the end or beginning) contains a URL to a Web site selling replica watches. The headers look like spam with the "from" and/or "subject" lines consisting of spam content. This should be a flag that lets the end user know that the message contained within is spam. As these messages are easily identifiable as spam by the Symantec Brightmail AntiSpam solutions, there is a high likelihood that you will not get your replica watch unless you go looking for leads elsewhere.