Exposing the dark underbelly of fraudulent email campaigns
Before we get into the nitty gritty, let's define Spamvertising. Spamvertising is the combination of the words "spam" and "advertising." It's the super nasty stuff that arrives in your email inbox and, recently, even in your Facebook messages.
All you have to do is click on one link within a message and spamvertising sends you to fake pharmaceutical, pornography, credit card, gaming, or company websites in the hopes that you'll fork over your personal or financial information.
Cybercriminals lure you into visiting these vandalized websites through some relatively convincing messaging, which is usually laced with some sort of urgent request. And while recent collaborations between email and website providers are making progress toward obliterating spam, our natural curiosity to click remains a boon for cybercriminals.
So let's take a look at three spamvertising campaigns that have been uncovered by our very own threat blogger extraordinaire, Dancho Danchev, so that we might be better prepared for the bad stuff in the future.
Lesson 1: Spamvertising Facebook
This is an example of a spamvertising campaign that uses Facebook as a vessel for fraud.
This message doesn't look like the junk you get in your email inbox, so you may be swayed to click on the link. Besides, the message could be about those Snoop Dogg tickets your friend was supposed to buy you for your birthday. So imagine your shock when the ostensibly truthful message directs you to the pharmaceutical items shop below.
Ding, ding! You've been spamvertised.
So how do you know that the above message is spam? One clue is the spelling error. Did you catch it? They spelled the word "receive" incorrectly, and spelling mistakes are typically red flag for scams. Another clue is that Facebook messages have a link at the bottom of the message that directs you to unsubscribe or edit your Facebook email notification settings.
Lesson 2: Spamvertising Familiar Companies
In this example, cybercriminals imitate Hallmark to entice you to click.
Once you click, however, you won't be getting a lovely e-card from your long-lost cousin, Randy. Nope, you'll get a harrowing malware injection instead. Spamvertised again!
So what are the clues that this fake Hallmark message is spamvertising? Well, the weird capitalization and formatting are a few clues-we know this from the last example. But another way you can figure it out is by hovering over the link-but don't click!–to reveal the real website destination. For most Internet browsers, once you hover over a link, the destination URL is shown at the bottom-left corner of your window.
Lesson #3: Spamvertising Credit Card Carriers
Cybercriminals have also found success by impersonating Citibank and other card carriers.
Can you sense the urgent tone of this email? "Failure to provide," "account suspension," "unauthorized login"–these phrases cause a reaction in our brain that begs us to fix the situation. But once you click on that link, you'll be exposed to a fraudulent Citibank-themed web site that requests–er, steals–your account data. Doesn't the site below look real?
So what are the warning signs in this message? If you used the previous two examples as a guide, you probably spotted the formatting and grammatical errors. You may have even noticed the strange wording on their link. Nice job. But there is one more clue that is inherent of most spamvertising: The email is not addressed to you personally. Impersonal greetings such as "Dear Client" or "Dear Customer" are an easy ways to spot spam (your credit card company should probably know who you are, right?).
The cybercriminals are getting smarter, despite their inability to formulate logical sentences. For example, in an attempt to bypass anti-spam filters, spammers are now using image files containing the message of the email, instead of using plain text and the simple characters that typically trigger anti-spam mechanisms. That's a smart workaround.
The truth is, many of us will be tempted to click on their bogus messaging (curse you, curiosity!) no matter how much education we have on the subject. Be vigilant when interacting with email from unknown sources.
So before you move on with the rest of your day, take these 7 spam-spotting tips with you:
Webroot® SecureAnywhere™ Essentials and Webroot SecureAnywhere Complete customers receive automatic spam and phishing protection. Click here to learn more.