Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a spam campaign designed to harvest email addresses by attracting
readers to websites offering topical "video tributes".
The spam emails lead to sites containing a range of teasers
offering video tributes to 9/11 victims, troubled celebrity Anna
Nicole Smith and "Crocodile Hunter" Steve Irwin who was killed on 4
September by a giant stingray whilst snorkelling off the Great
Barrier Reef.
A teaser is displayed, encouraging visitors to
enter their full email address to watch the full
tribute.
To view the full video, you need to provide your email address -
something which seems harmless enough unless you visit the site's
privacy policy, accessible via a link at the bottom of the
page.
In this policy, the operator of the page reserves the right,
amongst other things, "to send you personalized marketing
information via electronic delivery", "to send you targeted
advertising", and to "sell and/or license the personal information
that you provide...to third party businesses," including "providers
of direct marketing services and applications".
If you click through to the video, you are given an opportunity
to invite five of your friends along to view it too, by providing
their email addresses to the site's operator.
The web pages offer tributes related to news
events such as 9/11 and the death of Steve Irwin.
"The message is simple: don't stitch up your friends by dishing
out their email addresses, no matter how keen you think they might
be, and always think carefully before giving your email address to
any website especially if it has just spammed you. Websites like
this are preying on people's interest in news stories like the
death of Steve Irwin and the troubled life of Anna Nicole Smith in
their attempt to collect email addresses," said Graham Cluley, senior
technology consultant for Sophos. "If you really can't resist, then
be sure to read the small print. Your personal information is
valuable, so be wary of giving companies the right to collect it
and then to dispose of it however they want."
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as secure their desktop
and servers with automatically updated protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.