Print | Send on Yahoo! | PDF version | RSS | Filed Under: SPAM REVIEW

The Spam Omelette #27 – PRIVACY Spotted as Top Word

Welcome to this week’s issue of the Spam Omelette, BitDefender’s report on spam trends and techniques. If you happen to have joined later our newsletter, please do have a look on our testing methodology and spam map generation procedures before proceeding with today’s article.

Week in review:  May 20 - 27

1. No PRIVACY  in Spamland

The word PRIVACY has been identified in messages coming from notorious virtual medicine shop Canadian Pharmacy. Most of the messages in the campaign are designed on a HTML template from WebMD, a legitimate health news company. Please note that the WebMD logo and other visual identity elements have been abused over time by Canadian Pharmacy, but they are not related in any way to the online shop. As WebMD officials state, they have a strong opt-in newsletter policy and do not condone Canadian Pharmacy's products or spam campaigns.

As usually in Canadian Pharmacy's spam messages, the privacy and unsubscribe links have been tampered with in order to lead users to the Canadian Pharmacy index page.

 

2. Spammers say PLEASE

Ranking second in our weekly spam top, the word PLEASE has been identified particularly in spam messages of an interesting flavor: the spammer uses Nigerian scam approaches not for advance-fee purposes, but rather to collect sensitive information such as full name, address, occupation and copies of ID cards - all of which would subsequently used for identity theft and/or credit card fraud.

These messages are particularly dangerous, so please make sure that you do not disclose sensitive information about yourself to untrusted / unknown persons, especially when such requests come by mail or phone.

 

3. CLICK here for medicine, phishing and virtual tours

The word CLICK is undoubtedly extremely popular among spammers. It can be identified in about any unsolicited email message out there. This week, BitDefender's spam researchers identified the word in multiple mail messages advertising sexual medication, software used for panoramic tours and e-banking phishing letters.

While Canadian Pharmacy spam and other medicine-related content is unlikely to cause security problems to the unwary recipient, phishing attempts can dramatically impact on their banking balance.

Please note that banks would never contact the user by mail - when in doubt, contact your bank by phone or directly at the nearest brick-and-mortar unit.

 

4.  E-MAIL  strikes back in Canadian Pharmacy uniform

Ranking fourth in this week's issue of the Spam Omelette, the word EMAIL (also spelled as E-MAIL) has been detected in messages mostly coming from Canadian Pharmacy. Disguised as newsletters from various online stores, the messages feature a centered image linking to one of the Canadian Pharmacy websites.

This week, most of the Canadian Pharmacy spam redirects the user via a Russian portal (www.zmelika.ru - the domain mane uses the Cyrillic alphabet rather than the Latin one) which not only that performs the redirect, but also keeps tab of which e-mail address has clicked on the link - a form of email validation that allows the spammer identify which mail addresses are being operated by a human user.

 

5. DRUGSTORES coming soon in an inbox near you

The Word DRUGSTORE concludes this week's spam top and has been spotted especially in messages coming from Canadian Pharmacy and its affiliates. This specific spam wave uses a standard, plain-text template and advertises significant discounts to all Pfizer products. Obviously, the Pfizer brand is being abused, as most of the Canadian Pharmacy products have not passed FDA approval and are not related to the genuine drugs produced by Pfizer (the owner of the Viagra brand).