Easter Sunday is one of the most important festivals in the Christian calendar and it is observed anywhere between March 22 and April 25 each year; this year it falls on March 31. Spam messages related to Easter have begun flowing into the Symantec Probe Network. As expected, most of the spam samples are encouraging users to take advantage of products offers, personalized letters, e-cards, as well as clearance sales of cars and replica watches. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
Figure 1. Spam product offer related to Easter
Spammers are also exploiting the event by sending casino spam email using the name “Easter bonnet”. The Easter bonnet represents the tail-end of a tradition of wearing new clothes at an Easter festival.
The following spam sample provides instructions for ways that users can acquire a “bonus”.
“Three different bonuses can produce some extra winnings.”
“Make your deposit and get free spins.”
“Free welcome package up to $500.”
Figure 2. Casino spam targeting the Easter bonnet
In the next spam sample, users are encouraged to take advantage of the bogus offers for purchasing a product. By clicking the URL it directs the user to a fake pharmaceuticals website.
Figure 4. Personalized letter targeting the Easter festival
Some of the headers observed for Easter related spam can easily be recognized:
Subject: XXX, Get your Easter savings on all vehicles
Subject: Shop Easter toys, baskets, plush and more
Subject: HappyEasterInAdvance,
Subject: Fun and Unique Easter Gifts
Subject: Celebrate Easter with a Personalized Gift
Subject: Easter eCard
Subject: Easter flowers at exceptional savings – shop now
Subject: Make the Easter bunny jealous! Easter flowers – from $19.99
Subject: Challenge Ends Easter weekend
Subject: Easter is hopping your way…and so are $19.99 bouquets!
Subject: 25-free spins on xxx this-Easter
Subject: Letter From Easter Bunny For Your Child
From: “EasterBunny” <EasterBunny@[REMOVED]>
From: Personalized Easter Gifts <xxx@[REMOVED]>
From: “Easter Sale” <xxx.beaches@[REMOVED]>
From: Easter Flowers <jewel@[REMOVED]>
From: “Easter Bouquets” <noreply@[REMOVED]>
From: “The Easter Bunny” <joint@[REMOVED]>
From: “Easter Letters Online” <xxx@[REMOVED]>
From: “Easter Clearance!” <xxx@[REMOVED]>
Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24×7 to ensure that readers are kept up-to-date with information on the latest threats.
Another wave of Facebook phishing is spreading among Facebook users. Imagine you get a message from another Facebook user with a link to a new amazing Facebook app. Even if the sender is not your friend, you decide to go to the link. Instead of an application you see a fake Facebook login page. But […]
Most of us are aware of spam, and while we may think it’s just an annoyance, what’s really dangerous about it is the fact that most spam are phishing attempts. Phishing is when cybercriminals attempt to fraudulently acquire your personal information, such as passwords and credit card details, by masquerading as a trustworthy person or Read more…
Contributor: Ayub Khan
Symantec has been constantly monitoring phishing sites hosted on compromised Indian websites. In 2011, our study detailed these compromised sites and we did a similar study of phishing sites in 2012.
From August 2012 to November …
Contributor: Saurabh Farkade
The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.
Symantec Securit…
Every year around tax season, we see a huge spike in tax-related social engineering attacks. Social engineering is a type of cyber attack that attempts to psychologically manipulate users, tricking them into downloading malicious software or divulging confidential information. Very often, these attacks take the form of a fraudulent email created to mimic an email Read more…
興味深いのは、この祝日の名前を、大容量ファイルの送受信に利用できる有名サイトと関連付けて騙そうとするスパムメールが確認されていることです。リンクをクリックすると、悪質なコードをダウンロードする Web ページにリダイレクトされます。このページでは、狙われやすい脆弱性がいくつか悪用されています。これらのスパム活動の主な目的は、電子メールの件名や本文で聖パトリックの日を利用してユーザーを誘うことにあります。「Patrick[RANDOM NUMBERS](パトリック[ランダムな数])」といった件名が一例ですが、このような手口には注意して、リンクはクリックしないようにしてください。
図 1. 聖パトリックの日を狙った悪質なスパムメール
スパムからリンクする Web サイトでは、聖パトリックの日にちなんだ在庫一掃セールが宣伝されています。
図 2. 聖パトリックの日を狙った広告スパム
在庫一掃の特別価格を見ようとして[Get Prices](価格を見る)ボタンをクリックすると、次の Web ページにリダイレクトされ、価格を比較するために車種を選択するよう求められます。
図 3. 車種ごとの価格を比較する在庫一掃 Web サイト
型式と車種を選ぶと、さらに別の Web ページにリダイレクトされ、今度は住所や電子メールアドレス、支払方法などの個人情報を入力する画面が表示されます。これは明らかに個人情報を盗み出そうとする手口であり、注意が必要です。
図 4. ユーザーの個人情報を要求するページ
聖パトリックの日を狙った在庫一掃セールのスパムで、これまでに確認された件名の例を以下に示します。
/*St. Patrick’s Day clearance, test drive your new car…(聖パトリックの日の在庫一掃セール、新車の試乗チャンスです…) .* */
See Clearance Prices on all XXX Vehicles on St Patrick(聖パトリックにちなみ、XXX 全車種を在庫一掃価格でご提供)
St Patrick’ XXX Clearance(聖パトリックの日の XXX クリアランス)
See Clearance Prices on all XXX Vehicles on St Patrick(聖パトリックの日、XXX 全車種を在庫一掃価格でご提供)
2013 St Patrick XXX Huge Discount – Slashing prices to meet Quotas(2013 年の聖パトリックの日を祝し、大幅値下げ。売上達成のための出血価格)
次に示すスパムメールのサンプルは、偽の広告でユーザーを煽って商品を購入させようとしています。URL をクリックすると、医薬品販売を騙る偽の Web サイトにリダイレクトされます。