Spam Tactics

Career Finders – Tumblr says More Spam for You

Tuesday, June 28th, 2011

Tumblr’s site (http://www.tumblr.com/about) says:

Tumblr lets you effortlessly share anything.

And apparently that means the sharing of copious amounts of unregulated spam email as well.

More specifically, we’re still seeing an ongoing campaign of bogus “work at home” scams perpetrated by fake sending links to bogus “news” articles used to ensnare the more gullible of Internet participants.


Apple Store Order Notification Spam

Friday, May 27th, 2011

We’re seeing a fair amount of bogus Apple Store Order Notification spam emails that are confusing enough to end users that they frequently resend them to themselves after our filtering initially blocks them.

The emails present themselves as:

Subject:     ID:921-818692 Apple Store Order Notification
From:     “Apple Store” <Store@apple.com>

The “Order ID Number” for each spam can be random, which helps these spam emails appear legitimate and also helps them evade many spam filters.

The sending address is spoofed, and the emails themselves are quite simple:


Action Required : Download New Acrobat PDF Reader For Your Windows – Spam

Friday, May 13th, 2011

You have to give spammers some credit for creativity, especially when they can manage to get strangers to pay for free software.

In-boxes are seeing more such spam for exactly this type of pitch:

Subject:     Action Required : Download New Acrobat PDF Reader For Your Windows
From:     Adobe Systems Incorporated <direct@adobesysterms.com>

Here’s a copy of the bogus email:


Your package has arrived – Canada Post Virus

Wednesday, April 13th, 2011

After seeing countless bogus email campaigns claiming to be from UPS, DHL, FedEx and the United States Postal Service, all used for spreading viruses, it was inevitable that we would also start seeing similar messages claiming to come from Canada Post, arriving as:

Subject:     Your package has arrived!
From:     “Canada Post”<tracking@canadapost.ca>

While the From address says it’s from Canadapost.ca, the latest batch actually came from Germany, via:

web08.konfigserver.de ([83.141.3.208])

Here’s the complete email:


account limited ! update your account information

Thursday, April 7th, 2011

More PayPal fraud on the way. This time spoofing a domain that only sounds like PayPal:

Subject:     account limited ! update your account information
From:     Paypal Service Inc <Service@nopaypal.com>

Of course, many recipients are not going to notice the minor variation and will simply ignore that this mail claims to come from “nopaypal.com” rather than “paypal.com”, while it actually comes via spam-friendly servers like:

caracalla.lunariffic.com ([216.227.214.143])

The actual emails look like this:


Your package has arrived! – UPS Virus

Tuesday, March 29th, 2011

A clever variation on the growing UPS delivery alert virus campaign is hitting harder each day. Emails arrive as:

Subject:     Your package has arrived!
From:     UPS Shipments <tracking@ups.com>

The sending address is spoofed and not really from UPS.

The short but very efficient email notice continues:

You have notifications pending – Spoofed Twitter Spam

Tuesday, March 22nd, 2011

We’re seeing more and more spoofed Twitter spam being sent to trick Twitter users into visiting online pharmacology websites.

Most arrive with a simple subject line:

Subject:     You have notifications pending

Sending addresses will look like otherwise legitimate notification addresses such as:

  • From:     “Twitter” <twitter-notify-login=munged.com@postmaster.twitter.com>


Gevalia – Serving Up Fresh Brewed Spam

Thursday, March 3rd, 2011

Based on the volume of junk mail promoting Gevalia, there must be exceptional profit to be made in spamming the public pushing coffee club memberships.

We’re seeing Gevalia spam from throwaway domains such as:

“Gevalia Coffee” <bigflavor_@whibagroop.info>
“Gevalia Offer!” <Rich_Flavor_@zuniskalan.info>
“Gevalia Coffee” <gevaliacoffee@multteman.com>
“Gevalia Coffee” <Gevalia.cgcryz@qwertykeys.info>
gevalia <gevalia.qmocc@qubjao.doctorpicturesense.net>

And with subject lines like:

Special news for coffee lovers
Gevalia – Home is where it happens
Gevalia is giving away a coffeemaker and travel mug
`Gevalia `Coffee – `YOUR `EXCLUSIVE `GIFT `INSIDE !
gevalia stainless steel coffee collection, not available in stores

While many other domains and subject lines are used, what these emails have in common is that they display ads such as:


Send FTD Valentine’s Day Flowers from $19.99 – SPAM

Thursday, February 10th, 2011

Just in time for Valentine’s Day, FTD Flowers confiscates Cupid’s arrows and instead arms him with endless waves of email spam.

Mailboxes everywhere are seeing messages like:

Subject:     Send FTD Valentine’s Day Flowers from $19.99
From:     “FTD Exclusive Offer” <info@dns0.ash-falken.de>

These messages typically use actual FTD Artwork, such as:

FTD Valentines Spam



Bank of America Alert : Account Locked – Phishing Fraud

Tuesday, January 25th, 2011

A new and very well crafted spoofed Bank of America Alert is making the rounds:

Subject:     Bank of America Alert : Account Locked
From:     Bank Of America <onlinebanking@ealerts.bankofamerica.com>

In reality, the email address is spoofed and could be coming from anywhere, but the ones we’ve reviewed so far came from hostgator.com accounts through their anonymous “WebsiteWelcome” domain:

gateway08.websitewelcome.com ([69.56.142.29])
