Spammers habitually exploit the reputations of brands for their benefit. As more and more people become connected through social networking sites, it is no surprise that the trust and reputation earned by these websites is misused by spammers. We are monitoring spam attacks this week that try to take advantage of the burgeoning social networking brand Twitter for two spam campaigns: make money fast (MMF) and dating spam.In the MMF attack, a URL is provided to order a “Risk-Free Twitter Profit Software” kit. When the user clicks on the URL in the promotional email, he or she is redirected to a Web-form that asks for personal information such as name, email, and address. This is followed by another form asking for your credit card number, expiration date, and security code. Below are some of the subject lines used in this latest MMF spam:
Subject: Twitter Guru Reveals All On VideoSubject: Use Twitter to make moneySubject: Teenagers are playing online and making grundles of money.
In the other related spam attack, the Twitter dating site Datetwit is targeted. Various recently registered spam domains are used in the links, which lead users to enter Twitter credentials to log into the dating site. In an attempt to hide from anti-spam filters, email messages are obfuscated with legitimate content.Below are various header lines and URLs used in the dating spam:
Subject: re: If you Twitter you'll Love DateTwit!From: "DateTwit" <DateTwit_kv@[removed].com>From: "DateTwit" <DateTwit_hoybfks@[removed].com>From: "DateTwit" <DateTwit_vf@[removed].com>From: "DateTwit" <DateTwit_bxrf@[removed].com>http://bcxtc.lblj.[removed].com/dlvn-[removed]/mdho/orumdujv/....http://krlu.jfmcso. [removed].com/nxrg-[removed]/bi/hy/jmiihro?yraeu=….http://ovdyiqh.se. [removed].com/tae-[removed]/hfdua/dbywnofo/….http://jk.pwh. [removed].com/vkdx-[removed]/iamvn/kstpqg/lavh?bb=….
With these attacks, spammers hope that they can lure recipients into action by hiding behind the reputation of social networking brand that continues to grow in popularity. Please remain cautious of any unsolicited messages that are received from an unknown or untrusted source. Never divulge personal information unless you are absolutely certain you are dealing with a reputable organization who will handle your information securely and properly.