It is, after all, the season where we express to our loved ones just how much we care about, appreciate, and truly love them. Since the start of the month Websense Security Labs has noticed the gradual increase in St. Valentine-related spam. As Valentine’s Day approaches, there seems to be more of a focus on spam directed at soliciting services and also selling products.
The first attack we noticed within our ThreatSeeker network looked and acted almost the same way as many of the numerous email harvesting spam messages we have seen in the past. Common characteristics shared with these examples include the offering of products and/or services, provision of numerous links within the message which usually end up with null results, and the somewhat valid unsubscribe option which allows the user to safely unsubscribe from a mailing list.
The unsubscribe (safely) choice is usually the most common as this gives the unsuspecting user the false hope that they are actually being taken off a list, consequently receiving no more spam (at least from this sender).
Below are the screen shots which walk you through what an unsuspecting user might see.
Step 1: The user opens email message and having realized the links are dead, tries to unsubscribe by clicking on the provided link.
Step 2: The user wishing to unsubscribe is presented with the prompt to enter his/her email address to be removed from the list.
Clicking the unsubscribe button after entering the email address displays the details entered with text indicating that the address has been successfully unsubscribed. In the past we have come across unsubscribe links which actually work but as there is no real verification of this, the only way a user can know their action is successful is if they no longer receive messages from the sender they unsubscribed from.
With a little savvy, I believe that unless you are certain you did subscribe for a bulletin, a newsletter, or offers, you should not willingly provide your details hoping that doing so and hitting the unsubscribe button actually “does what it says on the tin”.
Other messages we are seeing are the familiar template of linked image spam, where an image hides the true intent of the spammer. Clicking on the image takes the user over to a pharma site where they are supposedly able to purchase the advertised drugs.
This is not a new trick but one which has been in use and circulation for a very long time and has only been modified due to the season with the embedding of romantic related images.
Valentine’s Day would definitely not be complete in the world of technology if spammers had not taken advantage of it – and who says romance is dead?!
Author: Amon Sanniez, Websense.