As we enter August, Symantec takes note in the State of Spam Report that spammers are continuing to attempt to entice users to open their messages by sensationalizing false news events. Popular targets of this headline or tabloid spam include current public events and figures, such as Obama and McCain.
In July, some of the subject lines observed were:
- Beijing Olympics cancelled
- Beijing postpones Olympics due to McCain-Dalai Lama meeting
- Mccain Says Unsure If Obama A Secret Hippopotamus
- Kick-up - Obama speaks in London - video
In the samples observed, the URLs were hosting malicious code (malware). There is a continuing link between spam and other security threats with a penchant for spammers to utilize current events to lure users to open their messages.
Also seen last month was a spam message containing both a proclamation of the start of World War III in the text and a Trojan virus attached to the message. This is another example of spammers banking on human curiosity to open messages with sensational headlines and click links by utilizing current events, which in this particular case happen to be false.
Important to note is the prevalence of malware associated with such spam types. Victims too frequently succumb to curiosity and sensationalism rather than resisting the lure to open messages and further clicking the links. If the headline – or in this case subject line – seems ridiculously sensational, it probably is. If you do open the email, make very sure not to click any links. Instead, use your browser to navigate to a reputable news source and check to see if the headline is true.
Also observed by Symantec in July was a fraud attack targeting Microsoft’s POP3 users. The spam email states that the recipient has a POP3 setting problem and needs to click on the URL in the mail to confirm the account data. The body of the email shows simple warning text informing the recipient that the message comes from Microsoft and detailing what the issue is. There is also a URL for the recipient to click to renew their POP3 data. Of course, the URL does not lead the recipient to the correct Microsoft Web site but a hacked Web site, which is being used to obtain personal information from the recipient.
So far, the volume of this particular attack is low. Whenever messages such as this are received, please practice due diligence by verifying the origin of the message and checking out the validity of the URLs. You should always use caution when giving out any personal information online because you never know exactly who is asking for it or how the information will be used.
For more on the above and other highlights, please see the August State of Spam Report.