The Spam Omelette #30

1. EMAIL back in the top

Extremely popular within our previous issues of the Spam Omelette, the word EMAIL has made a comeback this week as top word in spam. The word has been identified by BitDefender's spam analysts in messages coming from Canadian Pharmay. The message reads "I changed my email", but the email headers have been forged to look as if it had been sent from the recipient's account. These techniques help the spammer not only to trick the user into opening the message (as he / she believes that it comes from an acquaintance trying to keep in touch, but also to bypass the email client's spam filters based on the Trusted Senders' List.

2. Scammers say PLEASE

Although the word PLEASE has been spotted in our previous issues of the Spam Omelette in newsletter footers, this week's messages abusing the word are coming mostly from Nigerian scammers. Two particular messages are shown below:

This is a classic advance-fee scam - as the user replies the message, they will be advised to purchase the first batch of vaccines at their own expense, and then to sell them to the "company" for a large share of profit. The minute money is wired, the user would never hear from mr. John Whitaker.

Another variation of this mail involves the acquisition of BORBAKIN Cleanser, a substance allegedly used in gold processing. Remember, if something looks too good to be true, it surely is!

The second spam wave is a classical scam aiming at stealing personal information for identity theft / credit card fraud. When contacted back, the scammer requests personal information such as a copy of the driver's license or ID card, along with address, phone number and social security number. For your own safety, please do not disclose any sensitive information to unknown senders.

3. PRIVACY at risk

Ranking third in our weekly spam top, the word PRIVACY has been detected in messages impersonating legitimate newsletters. Most of the alleged newsletters come from Canadian Pharmacy, the infamous online business selling prescription-based / non FDA-approved drugs.

4. UNSUBSCRIBE links not dead - just useless

Unsubscribe links are usually associated with spam impersonating legitimate newsletter. During the last weeks, these types of spam used to feature unsubscribe links that validate users' email addresses against a spam database. This week's templates, however, only take the user to the advertised service.  As usually, the most aggressive spammer using the unsubscribe technique is Canadian Pharmacy.

5. Bargain PRICE for replica watches

The word PRICE ranks fifth in our weekly top and has been mostly detected in product spam advertising knock-off watches. Although advertised as top-notch products, these replicas are cheap imitations of the genuine brands.