Spammer campaign exploits email read receipts

Share this article:

A new wave of malicious spam relies on requests for delivery confirmations for unsolicited emails.

According to security firm BitDefender, the technique uses multiple cons.

First, a "read receipt or notification" link attempts to trick the recipient, whose response will verify that the targeted email address is valid and active. If the recipient does not send a read receipt, the spammers deploy a secondary layer of confirmation techniques that uses a reference to a remotely stored image.

Should the previous two confirmation tricks fail, the third layer kicks in, especially if the victim suspects foul play. He or she is given an opportunity to unsubscribe or opt-out, a classic scam technique. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm instead that the email address is functional and ready to get even more spam.

Vlad Valceanu, head of BitDefender's Antispam Research said: “Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk. To validate the email address means that the user has signed the death sentence of his or her inbox.

“The next messages the spammers will send could carry a piece of malware that wipes out the hard drive or harvests and sends out sensitive data, like the credit card number the user types when purchasing goods online.”

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.