People are attracted to news, and when the news is big, the attraction is urgent. Spammers have known this for years, and both the recent royal birth and a horrific train accident in Spain has tempted them to dust off their fake CNN news alert templates. The honeypots at Barracuda Labs are seeing high volumes of this using a wide variety of hacked websites as their destinations.
Notice how this campaign still carries a subject line “Perfect gift for royal baby… a tree?” even as the content was changed to a fake video preview of the train disaster. Even spammers have a tough time keeping their stories straight.
CNN news alerts are a favorite spammer target because people sign up to receive them and expect to see them in their inbox. This familiarity and trust means less suspicion and more clicks. That's dangerous here, because the links in this email have nothing to do with CNN. Instead, an ill-considered click takes you to a hacked website whose response loads JavaScript from other hacked websites -three different ones, for redundancy.
In turn, the small bit of JavaScript that is retrieved redirects the browser to an attack site elsewhere.
While this site is currently unresponsive, the usual result would be exploitation of the browser and installation of a backdoor or password stealer.
As always, treat all of your email as guilty until proven innocent. Unless you really need to, don't even bother giving it a trial. Any news you receive in an update or newsletter should also be available on the website of the organization whose name appears on the email. Don't take chances – instead, use a few more keystrokes to go directly to the website.
Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails.
Christine Barry ist Senior Chief Blogger und Social Media Manager bei Barracuda. In dieser Rolle hilft sie, Barracuda-Geschichten zum Leben zu erwecken und die Kommunikation zwischen der Öffentlichkeit und den internen Barracuda-Teams zu erleichtern. Bevor sie zu Barracuda kam, war Christine über 15 Jahre lang als Außendiensttechnikerin und Projektmanagerin für K12- und KMU-Kunden tätig. Sie hat mehrere Abschlüsse in Technologie, einen Bachelor of Arts und einen Master of Business Administration. Sie ist Absolventin der University of Michigan.
Vernetzen Sie sich hier auf LinkedIn mit Christine.
