Symantec Blogs: Security Response

Takako Yoshida | March 31st, 2009

From bank accounts to credit card numbers, personal information is at high risk as spammers are very fond of gathering data that will sell on the underground economy. Therefore, users are advised to be cautious and not expose their information (i.e. don’t submit personal details to questionable sites). So, what would you say if there is a service that protects your personal identification, such as a Social Security number? Would you be interested and want to find out more details? The answer should be “NO” if this offer is from a spammer.

Symantec has recently observed a message that appears to be a direct service promotion from an identity theft protection company, claiming that they can keep Social Security numbers away from risk:

 

 

...

Dermot Harnett | March 31st, 2009

If you are a resident of the United States and haven’t already filed your tax returns, maybe you should consider reading the following blog post. The countdown to “tax day” (April 15 in the United States) is currently in full swing, with the IRS offering daily tips for filing.

The run-up to tax day in the United States has traditionally become a time when phishing directed towards the IRS becomes more prevalent. As reported in previous Symantec State of Spam reports, spammers continue to attempt to disguise themselves as the IRS, dangling tax refund offers in front of unsuspecting users.

These “offers” are aimed towards recipients who may be unaware that the IRS “does not initiate communication with taxpayers through email.” The purpose of these attacks is...

Francisco Pardo | March 31st, 2009

During hard economic times, people look for ways to save money. Spending money on necessities such as tax preparation is no exception. Recently, spammers have been offering ways to save money on tax preparation as a means to enter a user’s inbox.
 
Below are some examples of subject lines spammers are using to lure users into opening messages:

 

File Your Returns Now!
TaxAct Online Home of the Totally Free federal tax return.
Prepare Free Print Free IRS e-file FREE
Click the link below to start your tax return


These messages are not just limited to taxpayers in the United States. Since spammers are part of international underground corporations, other countries fall victim to spammers’ tactics as well. Our technicians have monitored emails directed to the people of France using the same principle. Here is an example:


Madame,...

Mayur Kulkarni | March 24th, 2009

It seems malicious attacks on job seekers were not enough. We are now seeing MMF (Make Money Fast) spam also stepping up to exploit the financial situation. Recent spam related to the recession included fake job offers as well as rejections. Some of the spam offered to help recipients out of the recession by making available financial help within 24 hours or less, without considering their credit ratings.

We will discuss MMF spam in this blog, one of the categories that targets users hit by the recession. This particular technique includes spammers sending plain text e-mails with phone numbers inside the message, enticing the recipients to call and earn easy money. This may not be a new spamming method; however, it is the dire situation that spammers are cashing in on. Some of the subjects related to ‘recession’ include:

Fight...

Takako Yoshida | March 24th, 2009

As the Internet community continues to pay more attention to the reputation of websites and email senders, spammers are doing their best to hide behind well-established and reputable brands. Social networking sites have for some time now been used by spammers in the spam war. As more and more people become connected through social networking sites, it is not unusual to receive notifications of status update or sharing information from your friends. Symantec has recently observed a number of spam attacks claiming to be messages from various social networking sites.

One recent sample attempted to attract the attention of the recipient by using the following tactics:
1.    Claiming to be from a social networking site
2.    Indicating in the Subject line that the message was from a social networking site
3.    Indicating that the recipient had a personal message

 

 ...

Mayur Kulkarni | March 23rd, 2009

When somebody throws us a challenge, we get ready to tackle it. There is nothing wrong with taking a challenge; however, it is not wise when such tests are marked with trickery and can cause financial losses. We have observed recent messages where the spammer challenges the recipient to an IQ test. The challenges can be found in the following subject lines:

How smart (or dumb) are you?
Someone Thinks You Are Dumb - Take The Quiz and Prove Them Wrong!
TestUrIQ
Pick Your Brain With This Quiz

By clicking on the URL inside the message, the user is redirected to the page in the graphic below. This page informs the user of the current high IQ score and invites them to take a test. The page also describes the terms of the quiz, and that results will be provided to the user upon completion of a mobile game subscription offer. These terms are placed at the bottom of the page with a small font...

Dermot Harnett | March 18th, 2009

Given the ominous subject line, “Take care about yourself!” [sic], fear mixed with excitement might propel some recipients to disregard security consequences and click on URLs that link to malware. In this recent spam example, geo-location services were used to target the recipients of the message. Depending on the relative location of the message recipient, the location of the fake terrorist attack mentioned in the text of the message differs.

 

In one particular location the spammer indicated that there was a “Powerful explosion burst in San Pablo this morning,” and in another they indicated that there was a “Powerful explosion burst in Pune this morning.” Then, there is a brief description of the “attack” including, “At least 12 people have been killed and more than 40 wounded in a bomb blast” and “explosion was caused by 'dirty' bomb.” The logo of a prominent news wire service was added...

Dermot Harnett | March 17th, 2009

Similar to the topic of the economy, everyone is talking “green” these days, and it’s not just with St. Patrick’s Day occurring today, March 17th. With the renewed attention on environmental responsibility, spammers seem to have become inspired and have decided to contribute with green spam. This recent contribution has helped to ensure that spam levels in February 2009 averaged 86% and has pushed spammers one step closer to obtaining their own “pot of gold.”
 
In his recent address to Congress and America, President Barack Obama struck a note of optimism, declaring that the United States’ best days are ahead even if, at this moment, the future looks bleak. Unfortunately, in March 2009 the economy has become one of the factors contributing to the spammers’ unique version of a stimulus plan. Some recent examples of the economic stimulus spam plan included: job seekers becoming targets of a spam attack that included...

Vivian Ho | March 16th, 2009

Seminar spam often competes with fake invoice spam for the top position in Chinese language spam. Chinese seminar spam is sent out in a manner that is similar to a legitimate and regular business training course or seminar/presentation invitation.

Like any real seminar, Chinese seminar spam identifies the purpose, location, time, and workshop details. Application fees and contact information are required to access the “offer.” Chinese seminar spam often takes a similar pattern to Chinese language fake invoice spam as outlined in an earlier blog post. We’ve seen Chinese language seminar spam evolve from using plain text, Microsoft Word, PDFs, and graphic attachments in the last five years in varied attempts to bypass antispam filters.

 

...

Dermot Harnett | March 13th, 2009

In the legal realm, certain spammers have, from time to time, occupied the defendant’s chair. In a recent spam attack it seems that a spammer wishes to change this legal position and become the “pied piper” in some class action lawsuits.

The FDA first approved Avandia in 1999 to treat type 2 or adult onset diabetes. In February 2009, a spam message relating to this drug was reported to be making the rounds. The message comes with the following subject line: “Have You Taken AVANDIA? Important Lawsuit Information.” The spam message indicates that “If you or someone you know has taken Avandia you or that someone or their family may be entitled to monetary damages.” A URL link is available for the recipient to click on to “Begin Your Free Review Form.”

 

 

...

Dermot Harnett | March 13th, 2009

Everyone is talking about going green these days, and it’s not just because St. Patrick’s Day is around the corner on March 17th. The Obama administration has recently reiterated its efforts to create "21st century jobs that improve energy efficiency and utilize renewable resources." With the renewed attention on environmental responsibility, spammers seem to be inspired and have decided on contributing with green spam.

We recently observed a spam attack with a message claiming that the recipient could lower their electric bill to $0.00 per month, with the possibility of even getting a power company to pay the recipient for the use of any excess energy produced. Among the reasons provided by the spammer as to why this offer should be accepted was: “You will be able to protect your pocket book during these recession times and spend money on more important things...”

The green spam “offer” included the following testimonials...

Dermot Harnett | March 11th, 2009

From Martha Stewart to Anna Kournikova—even the White House has one—blogs and microblogs are all the rage, with the ability to self-publish one’s thoughts and experiences for the world to read. The Symantec Security Response spam blog has recently published a myriad of posts documenting the ever-changing spam landscape. Symantec’s antispam team has blogged about recent spam attacks, such as Russian bride spam, spam attacks targeting job seekers, and even Turkish-language spam; so, it is fitting that a recent spam message observed by Symantec related to getting “paid” to write blogs should be discussed here.

The spam message claimed things like “freelance writers are needed” and “post in blogs”—all packaged together nicely with an offer to get paid anything from $12 to $50...

Mayur Kulkarni | March 11th, 2009

Phishing emails are sometimes known to elicit emotions such as fear, uncertainty, and in some cases panic. One particular type of phishing message will normally contain a warning that attempts to convince users to click on fraudulent links. Often, these warnings are in the form of fake “Account Update” or “Account Restriction” notifications, and contain a variety of features designed to trick the recipients into thinking that the email is genuine.

We recently came across an interesting Russian sample, which displays yet another method used to deliver the “fear factor.” The fraudster introduces him/herself as a thief who has stolen money from the recipient of the message, and states that the money will not be returned. The obvious attempt here is to trick the recipient into reacting with panic. The scammer will be hoping that panic will lead the user to try and check out whatever information is available in the message, and in this case the...

Mayur Kulkarni | March 11th, 2009

In our earlier blog post on Italian spam, we reported seeing spammers testing their spam in local languages, perhaps for better acceptability in that respective region. Spammers are trying to understand the requirements and psychology of the local population, and therefore are working on their messages to gain as much attention and profit as possible. This work mainly includes the use of a local language in the message to give it an authentic look-and-feel.

Spam content in such emails may have been translated from an English version, perhaps using free language translation tools on the Internet. Another option is to have the desired text translated to native languages by a professional translator and then use it for spamming.

In the Turkish spam sample below, spammers are offering recipients the chance to learn and enhance their English know-...

Dermot Harnett | March 6th, 2009

Following closely on the heels of Valentine’s Day spam, a new wave of Russian bride spam has emerged. During the final analysis on Valentine’s Day-related spam, it became apparent that as the holiday approached there was a 700 percent increase in spam messages with a Valentine’s Day theme. The biggest increases by percentage were seen in the phrases “February 14,” with a 200 percent increase; “Valentine’s Day,” with a 500 percent increase; and last, but certainly not least, the term “Valentine” experienced a 9,000 percent increase as Valentine’s Day came and went for another year.

Russian bride spam has been around for a number of years now. With previous Russian bride spam examples, the recipient was encouraged to communicate over email with a prospective bride. However, the problem with...