Virus, spyware and spam analysis firm Sophos Labs warned of a campaign to harvest e-mail addresses by attracting readers to Web sites offering topical video tributes through unsolicited e-mails.
Sophos monitored a trend in questionable sending around Sept. 14. It tracked e-mails containing video trailers offering tributes to 9/11 victims, tabloid celebrity Anna Nicole Smith and recently deceased “Crocodile Hunter” Steve Irwin.
“For a spam campaign to be successful, there has to be an effective social technique at work,” said Ron O’Brien, senior security analyst at Sophos, Boston. “Playing on emotion is a common trend, and 9/11 and Steve Irwin and Anna Nicole’s tragedies are examples of this tactic. We see this used a lot around Mother’s Day and other holidays.”
Within the e-mail, a teaser of the video is displayed, and it invites the receiver to click on a link to view the whole thing. On the site, visitors are required to give an e-mail address to watch the full tribute video. Users also may invite five friends along to view it, too, by providing their e-mail addresses to the unidentified site.
Mr. O’Brien challenged the method used for the initial e-mail generation. He said that most of these addresses that received the e-mails were gained from Internet scraping, or searching the Web for e-mail addresses listed on Web sites. His, for example, is listed on www.sophos.com, as he often speaks to the press. His statement is based on Sophos’ ownership of an out-of-commission domain name that the company uses as a spam trap.
He warned against opening such an e-mail, as it confirms to the spammer that the address is active. This increases its sale value.
“You should never buy anything, free or not, that was sent to you by an unsolicited e-mail,” he said. “If you hear of a product that you like in this way, then go to Google and search for it or go to a site you trust like Amazon.com to find it. Do not click through the e-mail to purchase, because that is condoning spam.”