Threat Spotlight

For the week of 14 Jul 2011
Threat 1

Android Trojan spies on SMS messages

Threat Name:

Andr/SMSRep-B

Users at Risk:

Android users
Linux users

Also Known As:

AVP Trojan-Spy.AndroidOS.Smser.a
Trend Android.83A888BE

Removal Instructions:

Please follow the instructions for removing Trojans.

About:

Andr/SMSRep-B is a Trojan that targets Android devices.

Andr/SMSRep-B uses a stolen Rapport icon and displays a simple screen when launched on an infected device.

The Trojan registers a broadcast receiver that intercepts every incoming SMS message and forwards it to a malicious web server using HTTP POST requests. The stolen SMS messages are encoded as JSON, a format widely used by web services.
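The manifest pattern that enables the behaviour above (a receiver for SMS_RECEIVED alongside the RECEIVE_SMS and INTERNET permissions) can be flagged in static triage. The following is an added example, not code from the original article or from the malware; the manifest it parses is a constructed sample, and the package and receiver names in it are invented.

```python
"""Static triage of an AndroidManifest.xml for the SMS-interception pattern:
a BroadcastReceiver listening for SMS_RECEIVED combined with the permissions
needed to read SMS and to reach a remote server."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
REQUIRED = {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"}

# Constructed sample manifest (hypothetical package and class names), shaped
# like an app that wants to see every incoming SMS and talk to the network.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.suspicious">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Example">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def assess_manifest(xml_text):
    """Return findings for one manifest; 'suspicious' is True when an
    SMS_RECEIVED receiver coexists with RECEIVE_SMS and INTERNET."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                # A high priority lets the receiver see the SMS before the
                # stock messaging app; note it alongside the class name.
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                sms_receivers.append((receiver.get(ANDROID_NS + "name"), prio))
    return {
        "package": root.get("package"),
        "permissions": sorted(p for p in perms if p),
        "sms_receivers": sms_receivers,
        "suspicious": bool(sms_receivers) and REQUIRED <= perms,
    }


if __name__ == "__main__":
    print(assess_manifest(SAMPLE_MANIFEST))
```

Legitimate SMS apps match the same pattern, so treat a hit as a triage signal to be paired with the icon, label and network destinations, not as a verdict on its own.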

Threat 2

Spam spreads get-rich-quick scams

About:

For the past few weeks we've been seeing a spam campaign that attempts to lure users into get-rich-quick scams. So far, the two scams involved have been typical "work from home" and "penny stock" scams.

On the social engineering front, these messages target people's natural desire for financial success at a time of rising unemployment and personal debt. The claims are backed up by supposed endorsements from reputable third parties such as ABC, CNBC and CNN.

A typical message looks like this:

[Image: get-rich-quick spam message]
The messages all originate from free webmail services, mostly AOL, Hotmail and Yahoo.

For the "work from home" part of the campaign, the landing page leads the victim to a purchase page where they can buy a "startup kit" at a "massively discounted" price. This is probably the scammers' main source of income, but once the victim's credit card details are in their hands the door is open to further fraud.

For the "penny stock" part of the campaign, the landing page asks for the victim's name and email address so they can receive a newsletter. This collects information about the victim and, if enough people act on the newsletter's advice, can also serve to manipulate the price of the promoted stock.

As always, the landing pages are filled with disclaimers, the most suspicious and entertaining being:

"Never invest in any stock featured on our site or emails unless you can afford to lose your entire investment."
"Any claims or statements should be deemed hypothetical."

Threat 3

Bredo spam carries financial risk

Threat Name:

Troj/Bredo-IK

Users at Risk:

Windows users

Also Known As:

Avira TR/Oficla.BX
AVP Trojan.Win32.Jorik.Aspxor.y
F-Secure Trojan.Win32.Jorik.Aspxor.y

Removal Instructions:

Please follow the instructions for removing Trojans.

About:

Troj/Bredo-IK is a generic encrypted malware downloader for the Windows platform.

This Trojan has been seen in spam messages claiming to be financial statements. The message carries a zip file called Financial_Statement_.zip, which typically contains an executable named Financial_Statement.exe.

On first execution, Troj/Bredo-IK will move itself to "\Programs\Startup\dxdiag.exe" to run on Windows startup.

Troj/Bredo-IK downloads various types of malware and has also been observed downloading fake antivirus software for Windows, a common scam that tries to lure users into handing over their credit card details to purchase the phony security program.