Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users to think before forwarding chain letters after discovering a new scam being used by spammers to collect email addresses.
A spammed email campaign, seen by Sophos, poses as a research project into chain mail and joke messages that are frequently sent between email users around the world. Chain letters and jokes can easily be sent to a person's full contact list or an entire company department, ending up with valid email addresses for everyone who received the message in the body of the message.
The new spam campaign asks for chain letters to be forwarded to the spammers (who are posing as a researcher called Gemma). However, Sophos warns that rather than conducting a study of chain letters, the recipients are actually planning to gather innocent peoples' contact details for the purposes of spam and identity theft.
Part of the spammed email reads as follows:
I would be very grateful if you would be kind enough to forward absolutely anything and everything that remotely resembles chain mail, forwards of any type (even the rude ones). This project is based over the next year and I need at least 500,000 forwards for this project to be a success, so please keep them coming the more the better
The email asks for chain letters and joke messages.
"Spammers need email addresses like a fish needs water. Without details of 'live' email addresses they struggle to get their unwanted marketing messages in front of their potential customers," said Graham Cluley, senior technology consultant for Sophos. "Under the pretence of 'research' spammers are trying to fool internet users into passing on dozens of email addresses with every message they forward. At best this could result in spam being sent to all of your friends and colleagues, at worst they could be put at risk of identity theft. Computer users should break the chain and not respond to messages such as this one."
Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as secure their desktop and servers with automatically updated protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.