Hurricane postcards
When we see a stack of “click here to retrieve your free postcard” emails in our spam queues we can usually place bets as to what malware will be installed upon clicking. Something a bit more unusual breezed into our queues this afternoon though. Spammers are once again shamelessly using natural disasters to extract cash from unsuspecting email recipients.
The following is the email in question;
It initially looks legitimate enough, in that it contains a link to a genuine virtual postcard website. Clicking on the ‘Click Here’ link, however, takes you to a different site altogether. The spammers have gone one step further this time, in that the message on this site ties in with the original email, and not only that it tugs at your heartstrings too. In order to pick up your free card, they want you to first make a donation to the Red Cross’s disaster relief fund.
If you look closely at the site you’re taken to if you again ‘Click here’, which I have to admit does *look* convincing, you’ll see there’s no ‘https’ in the url, which is a sure sign you wouldn’t be making a safe payment. Instead, your details would no doubt be logged and merrily used to line the spammers’ pockets.
The site in question is blocked by Sophos, but as ever we advise customers to remain vigilant. You guessed it…never click on links in unsolicited mail.
Posted on September 10th, 2008 by Zoe Markham, SophosLabsFiled under: General, Spam
Windows 7 security - A great leap forward or business as usual?
