Spammer campaign exploits email read receipts

Share this article:

A new wave of malicious spam relies on requests for delivery confirmations for unsolicited emails.

According to security firm BitDefender, the technique uses multiple cons.

First, a "read receipt or notification" link attempts to trick the recipient, whose response will verify that the targeted email address is valid and active. If the recipient does not send a read receipt, the spammers deploy a secondary layer of confirmation techniques that uses a reference to a remotely stored image.

Should the previous two confirmation tricks fail, the third layer kicks in, especially if the victim suspects foul play. He or she is given an opportunity to unsubscribe or opt-out, a classic scam technique. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm instead that the email address is functional and ready to get even more spam.

Vlad Valceanu, head of BitDefender's Antispam Research said: “Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk. To validate the email address means that the user has signed the death sentence of his or her inbox.

“The next messages the spammers will send could carry a piece of malware that wipes out the hard drive or harvests and sends out sensitive data, like the credit card number the user types when purchasing goods online.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier ...

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.