Top 5 #InfoSec Reads March 10 - March 14
Top 5 #InfoSec Reads March 17 - March 21

Is it Spam? This week in Amazon Credit Card Rewards Scams

Amazonscam1Many brands offer credit card rewards programs. This week's "Is it spam?" features a spampaign that attempts to attract mail recipients by offering them a reward or card voucher if they visit Amazon. These emails appear to be variants of a earlier phishing attack that seek to extract personal or account information when you visit the link. 

This week's scams contain Subject: lines include:

Your Amazon bonus code - AR841D0018

An Amazon.com thank you

A similar spampaign targeted sams club [sic]:

Ready to print - your Sams Club rewards dollars

Your complimentary Amazon.com shopping voucher is here

Amazonscam2Bayesian Poisoning, this time in hidden text

In our last "Is it Spam?" post, we looked at a blundered attempt to use hidden text to poison Bayesian filtering. This week's spammers managed to get set HTML font and background colors correctly to hide text. Spam investigators discover this by examining the raw or source email. You can see this source in most email clients. Gmail users, for example, can select "Show original" from a pulldown menu when they view a message:

Showoriginal

 

 

 

 

 

 

By opening the source email and stripping colors we can see the text that's hidden here to poison filters. I've set the text color to red for illustration purposes. If you are keen of sight, you may notice some tiny red at the top of the message: this is poisoning text as well, but for some reason (overkill?), the font size is set to 2 point.

I'd like to thank this and last week's phishers for providing teaching moments in such proximity. Hidden text, blundered or not, is a tell tale of a spam or a phish. As always, you are most safe when you STOP. THINK. CONNECT.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)