A lot of people are counting down the days until they can express their appreciation and love towards their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day, now it’s the turn of Father’s Day, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails attempt to encourage users to take advantage of product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer.
Figure 1. Gift offer spam
Figure 2. Product spam related to Father’s Day
Spammers will always try to take advantage of unsuspecting users by asking them to input personal information to avail of bogus offers for purchasing products. Symantec recently blogged about the rise of .pw URLs in spam messages and we are currently observing an increase in spam messages containing the .pw top-level domain (TLD) URLs in and around the times of major events, festivals, and holidays. Below are some examples of the From header, using .pw URLs, that have been observed in Father’s Day spam:
- From: “Personalized Father’s Day Gifts” <support@[REMOVED].pw>
- From: Quick Father Gifts <cigarformen@[REMOVED].pw>
- From: Cigars for Dad <cigarformen@[REMOVED].pw>
- From: Fathers Day Cigars <cigarformen@[REMOVED].pw>
Figure 3. Fake discount spam using Father’s Day as a lure
Spammers invite users to purchase the advertised product with a bogus coupon code and make false promises such as claiming the “materials used are the same as original.” The discount codes used in the spam attacks, such as dad[RANDOM NUMBERS] and father[RANDOM NUMBERS], attempt to lure users into clicking a link in order to take advantage of the Father’s Day offer.
Figure 4. Fake product discount spam
Symantec is observing an increase in spam volume related to Father’s Day, which can be seen in the following graph.
Figure 5. Volume trend of Father’s Day spam
Below are some of the subject lines used in this latest spam campaign:
- Subject: 15 Cigars for 29.95 (68% off Fathers Day sale!)
- Subject: The perfect gift for Fathers day only costs 32% of the original price!
- Subject: Regarding Father’s Day orders
- Subject: Personalized Gifts for All The Dads In Your Life
- Subject: Top Personalized Fathers Day Gifts
- Subject: Get relief from chronic spine conditions. Father’s Day Discount Available
- Subject: Don’t forget your father
- Subject: Don’t forget about your father
- Subject: Complete our Father’s Day Survey and Claim a $25 xxx Gift Card
- Subject: Endoscopic alternative to neck and back surgery is here. Father’s Day Discount Available
Symantec advises users to use caution when receiving unsolicited or unexpected emails. We are closely monitoring Father’s Day spam attacks to ensure that users are kept up to date with information on the latest threats.
Have a safe and happy Father’s Day!
