The Big Business of Spam: Don’t Click These Links or, “You’re Fired!”

Jan 20, 16 The Big Business of Spam: Don’t Click These Links or, “You’re Fired!”

Posted by in Email Security, Uncategorized

A new year may have begun, but the big business of spam is still very present. Barracuda Central has recently detected a new spam tactic that uses Donald Trump’s name and image in make-money-quick schemes. Regardless of political or personal views, Donald Trump is a name that most people know. Spammers are very much aware of this, and are using it to their advantage. Get-rich-quick schemes are not new to the big business of spam, but the tactics to get recipients to read these spam emails are always changing. Specific to these ‘Donald Trump’ messages, spammers are using these angles of enticement: A mainstream name in the media (‘Donald Trump’) Words or phrases similar from actual news conferences (‘You’re Fired!’) An email alias that disguises the spammer as a Trump or a legitimate news source (ex. CNN, see Figure 1) Figure 1These tactics are designed to make the spam email seem more legitimate, making the recipient more likely to open the message. Tactics to look for specific to this scam: First, the subject line: “Donald Trump reveals simple plan to help every American earn more money.” The subject in itself is enticing to the recipient since it uses a mainstream name and the words “earn more money.” Once this message is opened, you will see obvious spammer tactics: Designed to look like it was sent by Trump Uses the CNN logo and similar website formatting Links to “See Trump’s plan for American’s to triple their income…” Once in the email, if a reader clicks on the links, they are redirected to a false CNN site, (one can look at their browser, to see that they were not directed to CNN, but a falsified site, ex. see Figure 2). Figure 2  While looking over the false CNN site, you will see tactics continuously used to help prove legitimacy. The site also uses fake statements claiming they are direct quotes from Trump during news conferences. In addition, any link clicked on from the fake CNN site...

read more

The Big Business of Spam: Open Enrollment Signals Open Season for Spammers

Spam is big business all year long, and it never goes out of season.  Unfortunately, spammers do kick things into high gear during the fall.  This is when people are buying gifts, thinking about how to get money to buy gifts, or opening holiday E-Cards that aren’t really from friendly people.  Spam tends to increase during this time, just because there’s more opportunity when people are in the holiday spirit. Fall is also the time of year when insurance companies allow businesses and individuals to adjust their health and life insurance coverage.  This is known as Open Enrollment, and spammers come out in force to try to take advantage of this well-known event. Barracuda Central, our 24×7 advanced security operations center, has detected an increase in health and life insurance spam over the last few weeks.  We have picked up several hundred examples of these emails since October. These particular spam messages use names of real insurance companies, such as AIG, Fidelity Life Insurance, and Medicare.  The messages have generic subject lines such as “Open Enrollment is here!” and “Now is the time to change your plan.” See Figure 1 for example. Figure 1These messages are particularly crafty and made to look as real as possible. Not only are the spammers using legitimate names of health and life insurance companies, they are also using images and wording that is close, and sometimes almost identical to the real advertisements from these entities. These “insurance” emails try their best to look convincing and lure the recipient to open them by promising a free quote for insurance plans (Figure 2). Some emails are so convincing, going so far as to even use the company name in the sending domain (Figure 3). Figure 2  Figure 3If the email is convincing enough and the recipient clicks on the false “free quote” link, they will notice their internet browser redirects a few times to sites that never fully load, the redirecting of the browser sometimes happens so rapidly that it...

read more