IT security and control firm has discovered an unusual spam
campaign which tries to lure recipients to engage in a flirtatious
MSN chat, before ultimately redirecting them to an adult
website.
According to Sophos, this technique could be used more in the
future as spammers attempt to avoid spam filters and trick
unsuspecting users into revealing sensitive and financial
information.
The unsolicited emails, discovered by SophosLabs researcher
Dmitry Samosseiko, use a variety of email addresses and minor
randomisation of content. A typical example reads:
ur cute,
msg me on MSN
my MSN name is [censored]@live.com ttys cutie :-*
Users who decide to take up this offer and chat with their
mystery admirer over MSN, will be quickly asked to sign up to a
website in order to see the supposed sender's webcam, are engaged
in a scripted IM chat, pretending to be from a woman who has just
started doing webcam shows from her home.
After some banter, the "woman" (who is in fact a computer
program, pretending to be human) says that she has some free passes
to view her on a webcam website. In reality, the website being
linked to by the online seducer was registered anonymously in May
2009, and belongs to an affiliate of ClickCash.com, a network
promoting adult websites. Sophos warns that when the website asks
for user details and credit card information to guarantee the user
is over 18 years old, the data could easily be used to commit
identity theft.
"Talking to strangers can be dangerous on the net, but many
people do it. So it's actually quite likely that this scam could be
successful," said Graham
Cluley, senior technology consultant at Sophos. "Engaging
victims in playful and flirtatious chat like this is a sure fire
way to hook people in and entice them to part with sensitive
information. All computer users need to be wary of unsolicited
emails, no matter whether or not they seem like harmless fun - if
you don't know the person who sent you the message, it's possible
that they're after your money and your identity."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.