Week in review: May 6 – 13
two-week run as top word in spam
Ranking first in our
spam top for two weeks in a row, the word WebMD has been identified by the
BitDefender spam researchers in unsolicited advertisements coming from the
Canadian Pharmacy business. Unlike the previous week spam waves that directed
users to URLs built around the “Pfizer” brand, the fresh message batch sends
those who click on the embedded links to domains composed of the words “new”,
This type of spam uses
only two distinct mail subjects with multiple variations in the discount
percentage, as seen in the image below:
As usually, all the
hyperlinks included in the mail’s body have been tampered with in order to take
the user to the Canadian Pharmacy website.
Pharmacy hates PRIVACY
Ranking second in our weekly spam top, the word
PRIVACY has mostly been detected in messages also coming from the Canadian
Privacy business. Impersonating a legitimate newsletter sent by the Health
Central service, the actual message has been tampered with and all embedded
links have been redirected to Canadian Pharmacy website clones.
important MESSAGES? How about some spam instead?
The word MESSAGES has
been identified by the BitDefender researchers in multiple spam waves, this
week’s largest wave of unsolicited mail abusing it is a classical Nigerian /
identity theft scam. Just as usually, the recipient is presented a long and
complex message aimed at gaining their confidence. In order to complete the
picture, the scammer throws in a large amount of money that would be to the
user’s disposal as soon as he / she sends in some ID card / driver’s license
copies to a specific fax number.
Once replied, these
scams can have devastating effects on the conned user, including identity
theft, prejudices to the banking balance and even incidents with the
international law enforcement organizations.
tips and tricks
As we discussed in our
previous issues of the Spam Omelette, unsubscribe links are often tampered with
to take the user right on the advertised web page, or worse, to an unsubscribe
form where personal data is collected and abusively logged in a spam / identity
retailers such as Canadian Pharmacy and PowerGain+ are two of the most
important spammers out there that heavily rely on unsubscribe links in order to
deceive their recipients
spammers back via MSN
The word MSN ranks last in this week’s issue of
the Spam Omelette, and is frequently used in a less usual spam campaign. The
Japanese spammer advertises the services of an electronics online store,
especially heavily discounted iPhone devices. Orders are taken via two
disposable e-mail addresses registered
with Yahoo and MSN, respectively.