Sophos: The spam that goes bump in the night
October 2007 by Sophos
IT security and control firm Sophos has intercepted an attempt by spammers to hijack Halloween festivities to grab personal information from innocent internet users.
Sophos has identified a spam email campaign that tries to lure recipients into handing over a wide range of personal information with the promise of a gift voucher worth USD 250. The email uses a variety of painful puns associated with the spooky celebrations on 31 October:
’A $250 MasterCard Gift Card-there’s nothing scary about that! (Participation required. See below for details.)
Instead of running away, take advantage of your Halloween gift card and click below! (See offer for details.)’
Clicking on links contained in the email takes computer users to a website containing Halloween imagery. The website asks for a large amount of personal information including email addresses, postal addresses, phone numbers and date of birth, before presenting a stream of questionnaires on subjects as diverse as student loans, gender and cigarette smoking.
"It’s not immediately obvious whether this spam is being sent to commit identity theft or whether it’s market research gone mad. If you visit the site and give it your personal information the chances are that you will be bombarded with unwanted junk email until hell freezes over," said Graham Cluley, senior technology consultant for Sophos. "There’s no evidence to reassure people that they will really receive a gift card - and as the people behind this website have already proven themselves prepared to send unsolicited spam, this is probably more of a trick than a treat."
Sophos notes that this is not the first time that spammers have used festivities or public holidays to promote their goods. Every year, for instance, spammers leap upon the opportunity of St Valentine’s Day, to sell lingerie, chocolate, jewellery and even Viagra.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
More information and a graphic of the website can be found at: