Spammers are increasingly impersonating “opt-in” emails, messages that people explicitly request and expect. Although less dramatic than last week's CNN News Alert spam (which, by the way, has now morphed to use images of Angelina Jolie,) our example this week shows why you need to take care with every email, no matter how familiar or pedestrian.
Intellicast.com is a well-known weather website which allows you to sign up for a regular email weather report. The spam that we're seeing in the Barracuda Labs honeypots looks very similar to the legitimate emails that Intellicast sends.
The differences are that the forecast (which is of particular interest) is missing, and the false link provided actually goes to a compromised website which hosts an attack page. There are many different compromised sites being used by this fast-moving campaign. The attack pages host exploit kits that send malicious content to the browser, eventually downloading and installing password-stealing malware.
The beauty of these emails as far as a spammer is concerned is that a regular Intellicast email subscriber might not think twice before clicking the familiar 10-day forecast link in the email. After all, they've done it many times before without any problem. Why would they expect this time would be anything different?
This just goes to reinforce our regular message – do not click on links in unsolicited emails, and in fact, as much as possible, don't even click on links in email that you do expect. Busy people just don't have time to examine each of their emails in detail looking for tell-tale signs of malicious spam – and it's just too easy to relax and fall into the trap of “click first and ask questions later.” Instead, visit websites directly so that you know where you're going and what you're getting.
Christine Barry est blogueuse en chef et responsable des réseaux sociaux chez Barracuda. Son travail consiste rédiger des articles captivants en lien avec les services Barracuda et à faciliter la communication entre le public et les équipes internes. Avant de rejoindre Barracuda, Christine a été ingénieure de terrain et chef de projet dans l'éducation et auprès de PME pendant plus de 15 ans. Elle est titulaire de plusieurs diplômes technologiques, d'une licence de l'université du Michigan, et d'une maîtrise en administration des affaires.
Connectez-vous avec Christine sur LinkedIn.