Too good to be true?

Filed Under: SophosLabs, Spam

A Sophos employee today received the following in an email:

Dear all,

Marks & Spencers, in conjunction with Persimmon Homes, are giving away free vouchers. Marks & Spencers are trying word-of-mouth advertising to introduce its products and the reward you receive for advertising for them is free non-refundable vouchers to be used in any M&S store.

To receive your free vouchers by e-mail all you have to do is to send this email out to 8 people (for £100 of free vouchers) or 20 people (for £500 of free vouchers). Within 2 weeks you will receive an e-mail with your vouchers attached.

They will contact you through your e-mail address.

Please mark a copy to:

<removed>@persimmonhomes.com

Sophos have been in contact with the parties mentioned and this is not a legitimate offer.

The copy that Sophos employee received had been forwarded at least 8 times and was sent to approximately 100 people.

Even if this email was legitimate it would be a bad idea for the following reasons:

  • Email spreads very quickly and this one copy could have the effect of sending 100 more emails.
  • Forwarding other people's email addresses without their explicit permission could be compromising their personal details.
  • Email aware malware can harvest all the addresses for later use by spammers and worms.

While forwarding the email on to 8 or 20 friends may seem harmless the effects are not. The offer of free vouchers could mean that a large proportion of the the UK working population will forward the message causing a DDoS (Distributed Denial of Service) on the email servers of Persimmon.

Giving out people's personal data leaves them susceptible to spam and phishing attacks. The principle of "six degrees of separation" (the Kevin Bacon game) means that we are all 6 'friends' away from a spammer/phisher. Ultimately,this means that the email addresses will end up with a spammer.

Malware that collects email addresses automatically would love having 100 new, valid email addresses. One of the people to whom you are sending the email is likely to be infected with a virus that does this.

You might like