Security news
Security news14 September 2006
Spammers pose as chain mail researchers to harvest email addresses Sophos encourages users to "break the chain" as scam is revealed
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users to think before forwarding chain letters after discovering a new scam being used by spammers to collect email addresses.
A spammed email campaign, seen by Sophos, poses as a research project into chain mail and joke messages that are frequently sent between email users around the world. Chain letters and jokes can easily be sent to a person's full contact list or an entire company department, ending up with valid email addresses for everyone who received the message in the body of the message.
The new spam campaign asks for chain letters to be forwarded to the spammers (who are posing as a researcher called Gemma). However, Sophos warns that rather than conducting a study of chain letters, the recipients are actually planning to gather innocent peoples' contact details for the purposes of spam and identity theft.
Part of the spammed email reads as follows:
I would be very grateful if you would be kind enough to forward absolutely anything and everything that remotely resembles chain mail, forwards of any type (even the rude ones). This project is based over the next year and I need at least 500,000 forwards for this project to be a success, so please keep them coming the more the better
The email asks for chain letters and joke messages.
"Spammers need email addresses like a fish needs water. Without details of 'live' email addresses they struggle to get their unwanted marketing messages in front of their potential customers," said Graham Cluley, senior technology consultant for Sophos. "Under the pretence of 'research' spammers are trying to fool internet users into passing on dozens of email addresses with every message they forward. At best this could result in spam being sent to all of your friends and colleagues, at worst they could be put at risk of identity theft. Computer users should break the chain and not respond to messages such as this one."
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktop and servers with automatically updated protection.
Read now
- 15,000 new web pages hacked daily
- Biggest botnet busted
- 79% of malware on legitimate sites
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
