Not all cybercriminal activity is sophisticated.
For instance, here’s a spam message I saw today, claiming to be a communication from Google:
Subject: Consideration
Message body:
Thank you for taking the time to contact us. Within two weeks we should be able to provide you with a decision in regard to your question, and we want you to know that we will be giving your question our fullest consideration.
We would like to thank you again for your time and consideration and will be in touch with you as soon as we have some definitive information for you.
Also you can track your request by visiting our Tracking System Page.
Yours very truly, Venessa Robison.
There’s no personalisation in the email text to lure me into believing the email is genuine, no attachment containing a malware payload, and clicking on the link doesn’t even take me to a phishing webpage which will ask me to enter my Google username and password.
It’s just some generic wording, sent from a forged email address (wmt-noreply@google.com) – an email address used legitimately by Google for communications about their tools for webmasters.
So, what is the point of the spam? Well, if you click on the link you will be taken (via a redirect on a Brazilian webpage) to a “Canadian Pharmacy” website trying to sell you Viagra and other drugs to improve your performance between the sheets.
Yes, it’s hardly the most convincing sales spiel.
But the fact that we keep seeing such unsophisticated tactics used by the spammers to earn cash for themselves suggests that it *must* work. They simply wouldn’t continue using such sledgehammer techniques to promote their websites unless a small proportion of people who were duped into clicking on the link from the bogus Google email *did* end up buying something to perk up their sex life.
Which, frankly, is a bit sad.
Remember our spam pledge?
If you never buy goods promoted via spam, life becomes much harder for the spammers. And maybe they’ll have to find something else to do with their time.
I have a simple theory: when in doubt, delete it. As in, if I don't know where or who it has come from, I delete it. I told my mother to do the same and so far we haven't had any problems. I also have Avast and Malwarebytes on my computer.
More than that – if you get an unexpected email from someone you know, treat it with caution. Apart from viruses that read your address book, there is also a scam involving emails from Facebook friends…sometimes it is obvious like when I know a particular FB friend doesn't have my email address.
And there is another virus which sends to your friends an email telling them you are stuck in a foreign country without money…please send some money.
Bottom line…emails from friends are by no means guaranteed safe.
Indeed. Sadly those who need to take the pledge are unlikely to be reading a Sophos article.
Where I work we get lots of this particular junk. The source IP addresses are all over the place. Perhaps somebody compromised a load of machines then moved on and now they’ll go on advertising a Canadian pharmacy with its website in Rumania till the end of time.
Everyone should learn how to read the header information that is present in every email we send or receive. Also, how to use the command line prompt to ping various sites.
Sophos could produce a small video on how to do this and publish it on YouTube or, to maximize the impact, burn the video into DVDs and offer to mail them to sales prospects.
Even a rank novice can learn these techniques in minutes.
"Everyone should learn how to read the header information that is present in every email we send or receive. Also, how to use the command line prompt to ping various sites."
I don't even pretend to understand what the foregoing means! (I'm not a techie.)
If I know how to do either (or both) of these things, will I have a better chance of differentiating spam from legitimate email(s)?
The reason people buy drugs, including Viagra, from these sites is because the sites actually deliver. Viagra retails for over $10 US a tablet because of laws that ‘protect’ Pfizer’s ‘IP’, while these sites get their drugs from Chinese factories for much closer to their real cost of production – around $1.50. If you had a prescription for Viagra (and many people do, thankyouverymuch – it’s a popular prescription), might you not take a chance at 20 for about $35, rather than 20 for over $200? And if you’re not ripped off, might you not become a repeat customer?
I appreciate how you're not blurring out the web addresses anymore. You'd think readers of an Internet security blog would know better than to go to those websites. Sometimes I'm just curious about what spammers/scammers' website URLs are.
This doesn't explain the spam we get that has no message, no links, nothing. It's usually just part of a garbled sentence. My only guess is that it's to clog up email systems because when they don't even give you a link to click and the email they're sending from isn't a valid email, one can't really go anywhere with that.
Or it’s a screw-up by the spammers, and they sent out gibberish rather than their intended campaign. 🙂
Whatever this is, it seems to have made a comeback…at work, we’re getting bunches of MAILER-DAEMON messages from other sites bouncing this (it seems to have forged our domain in the headers).