The Spam Omelette #30
/* Style Definitions */
mso-padding-alt:0in 5.4pt 0in 5.4pt;
back in the top
within our previous issues of the Spam Omelette, the word EMAIL has made a
comeback this week as top word in spam. The word has been identified by
BitDefender’s spam analysts in messages coming from Canadian Pharmay. The
message reads “I changed my email”, but the email headers have been forged to
look as if it had been sent from the recipient’s account. These techniques help
the spammer not only to trick the user into opening the message (as he / she
believes that it comes from an acquaintance trying to keep in touch, but also
to bypass the email client’s spam filters based on the Trusted Senders’ List.
Although the word
PLEASE has been spotted in our previous issues of the Spam Omelette in
newsletter footers, this week’s messages abusing the word are coming mostly
from Nigerian scammers. Two particular messages are shown below:
This is a classic
advance-fee scam – as the user replies the message, they will be advised to
purchase the first batch of vaccines at their own expense, and then to sell
them to the “company” for a large share of profit. The minute money is wired,
the user would never hear from mr. John Whitaker.
Another variation of
this mail involves the acquisition of BORBAKIN Cleanser, a substance allegedly
used in gold processing. Remember, if something looks too good to be true, it
The second spam wave is
a classical scam aiming at stealing personal information for identity theft /
credit card fraud. When contacted back, the scammer requests personal
information such as a copy of the driver’s license or ID card, along with
address, phone number and social security number. For your own safety, please
do not disclose any sensitive information to unknown senders.
Ranking third in our
weekly spam top, the word PRIVACY has been detected in messages impersonating
legitimate newsletters. Most of the alleged newsletters come from Canadian
Pharmacy, the infamous online business selling prescription-based / non
links not dead – just useless
Unsubscribe links are
usually associated with spam impersonating legitimate newsletter. During the
last weeks, these types of spam used to feature unsubscribe links that validate
users’ email addresses against a spam database. This week’s templates, however,
only take the user to the advertised service.
As usually, the most aggressive spammer using the unsubscribe technique
is Canadian Pharmacy.
PRICE for replica watches
The word PRICE ranks
fifth in our weekly top and has been mostly detected in product spam
advertising knock-off watches. Although advertised as top-notch products, these
replicas are cheap imitations of the genuine brands.