Many brands offer credit card rewards programs. This week's "Is it spam?" features a spampaign that attempts to attract mail recipients by offering them a reward or card voucher if they visit Amazon. These emails appear to be variants of a earlier phishing attack that seek to extract personal or account information when you visit the link.
This week's scams contain Subject: lines include:
Your Amazon bonus code - AR841D0018
An Amazon.com thank you
A similar spampaign targeted sams club [sic]:
Ready to print - your Sams Club rewards dollars
Your complimentary Amazon.com shopping voucher is here
In our last "Is it Spam?" post, we looked at a blundered attempt to use hidden text to poison Bayesian filtering. This week's spammers managed to get set HTML font and background colors correctly to hide text. Spam investigators discover this by examining the raw or source email. You can see this source in most email clients. Gmail users, for example, can select "Show original" from a pulldown menu when they view a message:
By opening the source email and stripping colors we can see the text that's hidden here to poison filters. I've set the text color to red for illustration purposes. If you are keen of sight, you may notice some tiny red at the top of the message: this is poisoning text as well, but for some reason (overkill?), the font size is set to 2 point.
I'd like to thank this and last week's phishers for providing teaching moments in such proximity. Hidden text, blundered or not, is a tell tale of a spam or a phish. As always, you are most safe when you STOP. THINK. CONNECT.