The Big Business of Spam: Adulterers beware, scammers may be targeting you

As you have probably heard by now, a group of hackers who call themselves The Impact Team recently breached the systems of Avid Life Media (ALM) and stole sensitive data from AshleyMadison.com. The group has since published a large cache of data that includes personal information from members of the site, and is making that data available online for download. To make the situation worse, opportunistic scammers are looking to capitalize on this unique opportunity for a financial gain of their own.

To start, the scammers will send phishing emails suggesting that they have information on the recipient that will expose them as an AshleyMadison user. The scam methods they’re using are quite simple and common, yet highly effective when used as a scare tactic like this. Spammers often buy full lists of verified addresses (email addresses in this case) after a large breach, then target and attempt to solicit the users.

Here’s how this particular scam works:

An unsuspecting user will get an email titled “Recent data leak, your details are there!” (image below).

Once the user opens the email, they will see a note that implies that their personal information has been leaked along with that of the other 37 million people. At the end of the note, they are directed to click on a link that will direct them to a page that offers services from UnTraceMe. From there, they are directed to pay a fee of $19.95 to get their information secured and removed (image below).

After a spooked user agrees to pay the fee and clicks on the link provided, they are then directed to use a PayPal-like site to pay the fee and “secure their information” (image below).

What folks don’t know is that the leaked data can be retrieved by just about anyone, and will not disappear no matter what ransom is paid. At this time, Barracuda Labs has blocked over 1000 emails similar to the one imaged above, and depending on the monetary success that the spammers...


The Big Business of Spam: Stay clear of these “too-hot-to-miss” sale opportunities from your Facebook Friends

We’ve previously warned about deals that are too good to be true (https://barracudalabs.com/2015/05/the-big-business-of-spam-dr-ozs-brand-new-trick-to-shed-27-pounds-in-just-one-month/) – and with summer in full swing, the Barracuda Labs team has seen more and more false domains (such as rb-to.com, raybanglassesofhot.com and summer-raybans.com) popping up in feeds and social media timelines. Our Labs team ran a background check on the domains and many of them appear to be registered in China, including the domain listed above.

While browsing your Facebook or Twitter timelines, you may have come across “sponsored ads” that seem too good to be true. Most can be spotted immediately and swiftly ignored; however, you may have been tagged in a post or received a message on your personal timeline posted by a friend, directing you to a killer sale. See Figure 1 for an example.

Figure 1.

The example above shows an ad for Ray Ban, a popular sunglass retailer whose classic sunglasses range from $155 to $200, that looks as though it was shared by a regular user or even a friend on Facebook. The ad targets unsuspecting consumers looking to score the name brand sunglasses for up to 80% off.

Figure 2.

The idea here, like any scam, is to entice unknowing consumers to jump on the hot deals and “buy” the Ray Bans at such low prices. Once the links are clicked on, the consumer is redirected to what looks like a legitimate discount website that is offering deals with up to 80% savings on multiple styles; see Figure 2 and Figure 3 for examples.

Figure 3.

The phisher hopes that the deal is too good for the consumer to pass up and that they will go on to purchase the product. Here, the phisher is hoping the consumer will enter their personal data, like first and last name, email address, personal home address and credit card information, which the phisher can then flip and sell to third parties.

It is always smart to use best practices when shopping online. Here are a few tips: Do a bit of research and go...


The Big Business of Spam: What Caitlyn Jenner Uses to Prevent Wrinkles and Stop the Aging Process

The cover for Vanity Fair’s July 2015 print issue was publicized on the Vanity Fair website June 1, and revealed the newly transformed Caitlyn Jenner. The cover photo went viral, reaching over 46 million people across Vanity Fair’s website and social media – with the internet virtually exploding. Jenner even beat President Obama’s record for reaching 1 million Twitter followers in just under five hours.

With Jenner’s name in the headlines this week, it’s no surprise that spammers have jumped on the opportunity to try and use her likeness to trick users into visiting sites that push beauty products, in hopes of monetary gain. So far, we’ve seen over 100K samples and variants of spam emails using Caitlyn Jenner as the lure to get people to click on compromised links. The emails all have different subject lines, but include the same content in the email body. The spam appears to be coming from possibly compromised machines, most of which trace back to IP addresses in the United States.

Figure 1 below is an example of the emails that are being sent out in large quantities, hoping to entice users into clicking on spammy links. The embedded links in the email titled “Caitlyn swears she just used this” and “Here is what went down” redirect users to the following website – http://www.goodbodyhealthtips.org/index.php?aff_sub=1394&aff_sub2=190076&aff_sub3=1021342e9d6b955d9a9c66e5ed3293 (labeled “wrinkle miracle”) – that pushes an anti-aging facial cream to prevent wrinkles, revealed by Dr. Oz, called Dermakin Anti-Aging Cream.

Figure 1

As shown in Figure 2 below, once on the page, the user will see the headline “Revealed by Dr. Oz! Jen’s Closely Guarded Secret For A Wrinkle Free Face” that is said to be featured in Yahoo!, Woman’s Day, VANITY FAIR, TIME, People and Aol.

Figure 2

Figure 3 below shows that while on the page, the user will see “before” and “after” photos of stars like Ellen DeGeneres, Katie Couric, Goldie Hawn and Barbra Streisand who have allegedly used the wrinkle cream.

Figure 3

At the bottom of...


The Big Business of Spam: Dr. Oz’s Brand New Trick to Shed 27 Pounds in Just One Month!!

With a high obesity rate in the United States, people are looking for hope to find a miracle cure for weight loss. Unfortunately, spammers understand this, which is why it’s no surprise that Barracuda Central has picked up about 6,000 diet spam type emails since the beginning of 2015. With the Memorial Day holiday just passing, signaling bikini season, it’s also no surprise we have seen a rise in the volume of diet spam – showing just how spammers’ intelligent planning around the timing of certain types of spam is creating the big business of spam.

Figure 1

One name that is often seen in the media in relation to cures for weight loss is Dr. Oz, who is no stranger to being scrutinized. Spammers often take advantage of his name and people’s hope for a weight loss miracle cure. In this specific email (Figure 1), when a user opens a link, they will be directed to a news webpage that describes Dr. Oz’s weight loss discovery. This type of spam often displays names and pictures of well-known people to try to entice the reader even more – Rachael Ray is used in the example below (Figure 2). The site claims that “Pure Forskolin Extract” (see Ad in Figure 3), which was actually introduced on the Dr. Oz show, is a “miracle pill” weight loss solution. It claims to burn body fat and leave the person with only lean muscle.

Figure 2

Although the website is fake, part of the website’s content makes it look legitimate to users. The first thing that the user will notice is the video of Dr. Oz advertising the Forskolin supplement that causes belly fat to melt. The website also uses content from healthierlivingdecision.com to make it look legitimate and mask the true nature of the site. But if the user clicks on any of the links on the website, including the registration link, it will direct them to the product page where they are prompted to enter their personal...


(ISC)² Congress 2014 Review

Atlanta. Georgia World Congress Center. 70 degrees. Mostly Sunny. With a very hard-to-beat backdrop, this year’s (ISC)² Congress – held in conjunction with the ASIS 2014 Exhibition – brought tens of thousands of security professionals to Atlanta for nearly a week, and it was spectacular. It’s hard to say what was the most memorable event of the week — from the 8-year-old hacker Reuben Paul’s opening address, to retired General Colin L. Powell’s great speech in a packed house, to the hospitality of (ISC)² staff and volunteers.

Figure: Speaker Reuben Paul at (ISC)² Congress 2014 Atlanta

With nearly one hundred tech talks and panel discussions, attendees could find their favorite sessions easily from a variety of topics ranging from Application Security, Cloud Security and Mobile Security, to Forensics, Governance, Regulations, or Threats and Malware.

We were proud to have Barracuda Labs represented among the distinguished speaker line-up. We presented a session about malicious activity on social networks, titled “The Wonderland of Malicious Social Networks” available here. We had a great turnout – and loved the feedback, especially seeing the social chatter around it (particularly this tweet referring to one of the slides showing big social data breaches – here). This has been a very popular topic, in the conference circles as well as the media in general, particularly as more and more users flock to these networks. If you want to talk further on it, drop us a line in the comments or on Twitter @barracudalabs – and we’ll gladly take you up on it.

All in all, it was a great event. Thanks to (ISC)², we’re already looking forward to the 2015 event to be held in Anaheim,...


#IceBucketChallenge: Be aware of scam or insecure donation websites

The Ice Bucket Challenge has taken a lot of heat out of this summer. In neighborhood backyards, on city streets or in office buildings, people everywhere can be seen dumping buckets of ice water on their heads, then uploading images or videos to Facebook or Twitter to raise awareness and funds to fight ALS. In addition to challenging three others, participants are encouraged to make donations online to the ALS association or other charity organizations of their choice. It is for a great cause.

But, take caution, #IceBucketChallenge donors! There might be some hackers taking advantage of your kindness and donations. Hackers can easily set up a spoofed website that looks like any of those donation websites and spread the word on social networks to attract victims. Although we haven’t yet seen one specific to this campaign, you should always be very careful when using your personal and credit card information online. Additionally, it is possible that many donation websites use insecure ways to take information from users.

So, two things to consider before making a donation online:

Make sure the domain name and URL of the website match the site you intend to visit (do not use your mobile device or tablet for these donations, since the mobile sites only show partial URLs in the browser bar – you may get fooled).

Make sure the website is secured with HTTPS.

Figure: Mydonate.bt.com is a secure site, but the shortened URL from linkis.com makes an insecure impression to...
