90-day spam campaign turns to Santa in December

Ninety days ago a substantial spam campaign focusing on dubious offers and fake prizes began, according to Commtouch. However since December 10, the campaign has been thematically recycled and sent as a Christmas themed email, featuring subjects such as “Letter from Santa For Your Child.”

The Christmas-related modification to the large-scale spam campaign illustrates that holidays are often intentionally used by cybercriminals to rejuvenate and lengthen their otherwise ordinary spam campaigns.

This spam campaign previously centered around dubious offers providing unbelievable deals on numerous products. It also notified recipients that they had allegedly won a prize and asked them to answer a few questions and provide a physical address. Those who responded unknowingly signed up for costly newsletters or services.

After 90 days, the cyber crooks simply altered their social engineering to focus on Christmas by soliciting orders for “the perfect gift for any child” – a letter from Santa postmarked from the North Pole.

The revised approach is a clear example of how these criminals repurpose an existing spam campaign by maximizing the power of time-sensitive social engineering – sadly, an incredibly efficient tactic.