Spammer campaign exploits email read receipts


A new wave of malicious spam relies on requests for delivery confirmations for unsolicited emails.

According to security firm BitDefender, the technique uses multiple cons.

First, a "read receipt or notification" link attempts to trick the recipient, whose response will verify that the targeted email address is valid and active. If the recipient does not send a read receipt, the spammers deploy a secondary layer of confirmation techniques that uses a reference to a remotely stored image.

Should the previous two confirmation tricks fail, the third layer kicks in, especially if the victim suspects foul play. He or she is given an opportunity to unsubscribe or opt-out, a classic scam technique. The alleged opt-out links do not unsubscribe the recipient from the mailing list, but confirm instead that the email address is functional and ready to get even more spam.

Vlad Valceanu, head of BitDefender's Antispam Research, said: “Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk. To validate the email address means that the user has signed the death sentence of his or her inbox.

“The next messages the spammers will send could carry a piece of malware that wipes out the hard drive or harvests and sends out sensitive data, like the credit card number the user types when purchasing goods online.”
