Recent news or events that attract human interest always help spammers fuel their spam campaigns, since current and often legitimate headlines are used in spam email to catch users’ attention. The latest activities in South Korea and North Korea are generating interest globally, and spammers are using this news to their advantage. We’ve observed spam samples in which news articles referring to the suicide of former South Korean president Roh Moo-Hyun and the recent nuclear and missile tests conducted by North Korea are misused by spammers in product promotion spam and phishing attacks.In this typical scam story, the URLs of reputed news agencies reporting on this event are provided at the bottom of the email to gain the trust of recipients. Interested users are requested to communicate only over email. Needless to say, spammers are probing whether or not email accounts are active in order to include them in future spam campaigns, or to employ further fraudulent activities.
In another example, the spammers have exploited the “send link to a friend” feature that is often provided by legitimate websites. The “send” link associated with news of the former South Korean leader’s suicide directs users to a form where they are asked to fill in the email addresses of the sender and recipient. Sending this news link results in recipients viewing a spam-styled personal message in the email body. Subject: <news agency name> News Story – Former SKorean leader leaps to death over scandal
In recent health spam email examples, various subject lines use news of nuclear and missile tests conducted by North Korea. The URL provided in the email leads users to open an online pharmacy website.Some of the various headings seen in these emails are:
Subject: Rockets out of control! KoreaSubject: North Korea may fpire more missiles: S.KoreaSubject: U.S. Can't Stop N. Korea MissileSubject: SKorea Opposes Military Reaction to NKorean LaunchSubject: Report: N. Korea preparing for missile test
Spammers will try all possible ways to entice users to open and act on an email. However, in the background they are actually collecting personal information or promoting fake or questionable products for their own benefit. As always, Symantec advises that email users ignore such unsolicited and unexpected emails.