Surprising? Not the least bit. Spammers have always shown their liking for big names and brands. And very often these brands are abused to spread malware or gain access to users’ accounts. However, they are also sometimes used only to entice users to open emails. These emails may contain links to pornographic or pharmacy sites.
During recent times we have monitored spam attacks that have used the email templates of famous Internet brands such as Amazon, Apple, and now, Twitter. Using the email templates of well-known newsletters and notifications is a commonly known trick to make recipients believe the authenticity of spam email. Recipients may treat these emails as legitimate and may open them without any suspicion. Though this attack uses an old trick, we feel it is important that users are reminded about this type of spam campaign, which has been observed for over a month or so. We have seen variations in the email templates (as mentioned: first Amazon, then Apple, and then Twitter) along with different methods of spreading the messages. After the initial attacks were effectively blocked by email filters, we saw the same version of spam being sent using bounce messages. This means that these messages would later be received in the form of a non-delivery receipt (NDR).
Spammers are mixing this up nicely by randomizing the URLs using hacked websites. For example:
All of the URLs redirect users to spam pharmacy websites. We have highlighted (although blurred) the actual URL in the status bar in the examples below. Here are a few image examples of the spam messages:
With the multitude of types of spam messages designed to deceive email users, one cannot blindly open an email and trust the content open-heartedly. We recommend that users remain watchful and refrain from clicking URLs in unsolicited or unexpected emails.