You Are Here: Home » MalwareCity » SPAM REVIEW » The Spam Omelette #30

The Spam Omelette #30





/* Style Definitions */
{mso-style-name:”Table Normal”;
mso-padding-alt:0in 5.4pt 0in 5.4pt;

Spam Omelette map 30


back in the top

Extremely popular
within our previous issues of the Spam Omelette, the word EMAIL has made a
comeback this week as top word in spam. The word has been identified by
BitDefender’s spam analysts in messages coming from Canadian Pharmay. The
message reads “I changed my email”, but the email headers have been forged to
look as if it had been sent from the recipient’s account. These techniques help
the spammer not only to trick the user into opening the message (as he / she
believes that it comes from an acquaintance trying to keep in touch, but also
to bypass the email client’s spam filters based on the Trusted Senders’ List.


E-mail spam


2. Scammers

Although the word
PLEASE has been spotted in our previous issues of the Spam Omelette in
newsletter footers, this week’s messages abusing the word are coming mostly
from Nigerian scammers. Two particular messages are shown below:

please spam

This is a classic
advance-fee scam – as the user replies the message, they will be advised to
purchase the first batch of vaccines at their own expense, and then to sell
them to the “company” for a large share of profit. The minute money is wired,
the user would never hear from mr. John Whitaker.

Another variation of
this mail involves the acquisition of BORBAKIN Cleanser, a substance allegedly
used in gold processing. Remember, if something looks too good to be true, it
surely is!

please spam 2

The second spam wave is
a classical scam aiming at stealing personal information for identity theft /
credit card fraud. When contacted back, the scammer requests personal
information such as a copy of the driver’s license or ID card, along with
address, phone number and social security number. For your own safety, please
do not disclose any sensitive information to unknown senders.

please spam 3


at risk

Ranking third in our
weekly spam top, the word PRIVACY has been detected in messages impersonating
legitimate newsletters. Most of the alleged newsletters come from Canadian
Pharmacy, the infamous online business selling prescription-based / non
FDA-approved drugs.

Privacy spam


links not dead – just useless

Unsubscribe links are
usually associated with spam impersonating legitimate newsletter. During the
last weeks, these types of spam used to feature unsubscribe links that validate
users’ email addresses against a spam database. This week’s templates, however,
only take the user to the advertised service. 
As usually, the most aggressive spammer using the unsubscribe technique
is Canadian Pharmacy.

unsubscribe spam


5. Bargain
PRICE for replica watches

The word PRICE ranks
fifth in our weekly top and has been mostly detected in product spam
advertising knock-off watches. Although advertised as top-notch products, these
replicas are cheap imitations of the genuine brands.

Price spam

About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Number of Entries : 340

Leave a Comment

© 2012 Powered By Bitdefender

Scroll to top