Spammer campaign exploits email read receipts

Share this article:

A new wave of malicious spam relies on requests for delivery confirmations for unsolicited emails.

According to security firm BitDefender, the technique uses multiple cons.

First, a "read receipt or notification" link attempts to trick the recipient, whose response will verify that the targeted email address is valid and active. If the recipient does not send a read receipt, the spammers deploy a secondary layer of confirmation techniques that uses a reference to a remotely stored image.

Should the previous two confirmation tricks fail, the third layer kicks in, especially if the victim suspects foul play. He or she is given an opportunity to unsubscribe or opt-out, a classic scam technique. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm instead that the email address is functional and ready to get even more spam.

Vlad Valceanu, head of BitDefender's Antispam Research said: “Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk. To validate the email address means that the user has signed the death sentence of his or her inbox.

“The next messages the spammers will send could carry a piece of malware that wipes out the hard drive or harvests and sends out sensitive data, like the credit card number the user types when purchasing goods online.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.