Maria Namestnikova, Senior Spam Analyst, Kaspersky Lab
“St. Valentine’s Day. Year in, year out it is becoming more and more of a reason for spammers to get to work. Users start receiving spam mail-outs offering presents for the romantic occasion in January - since spammers want a whole six weeks to reap the benefits of this yearly occasion.
So what would you do if you were a spammer at this time of year? You’d look for a way to attract the attention of users, for example using in the subject line and in the body of the text of a mail-out message “attractive” words that prompt users to open a message. The newest of such “attractors” in the spammer world has become the word “coupon”. This is often simply substituted for the word “discounts”, attracting attention to goods or services. But there is another way to promote goods and services via “coupon spam”: companies put their offerings on a coupon service and then via spam advertise them to try and reach a bigger audience. As I see it, it’s not very effective, since usually the level of trust in firms which advertise via spam is very low. Plus, users’ annoyance normally only cancels out any advantages from using such methods instead of increasing it.
Nevertheless, it would appear several firms reckon this method of attracting attention is worthwhile: the first St. Valentine’s spam mail-out, which Kaspersky Lab detected earlier this year, was in this category. The company offered the e-mail recipient the chance to buy a small present for their beloved on St. Valentine’s Day, using a discount that was obtainable via the large coupon service Groupon.
Use of coupon services is a completely legitimate method of advertising; however, their popularity brings with it potential threats of phishing attacks. Phishers can be interested in users who have funds in their accounts with a coupon service - funds which they can spend immediately when an offer takes their fancy.
In order not to play into the spammers’ hands, and also not become a victim of a phishing attack using these coupon services, users need to observe three simple rules:
- Don’t open e-mails from coupon services to which you aren’t registered. This, on the one hand, secures you against phishing attacks or mail-outs of malicious code. On the other hand, if a spammer’s e-mail turns out to be simply a commercial offer, you reduce the number of responses, making the work of the spammers less profitable.
- If in an e-mail from a coupon service to which you are registered they ask you to verify your account via a link, or to in some other way present your login and password - don’t do this under any circumstances. Remember that large organizations never ask you to send your login and password via e-mail. Any such request must be considered as an attempt at stealing your account.
- If you get a message from a large service stating that you’ve obtained some coupons, when in fact you never ordered any, don’t open the message, and more importantly, don’t download anything via the e-mail. There is a high probability that what you do will be malicious.”