Today the Commtouch Security Lab (CSL) published its Security Number of the Month for December: Ninety days ago a substantial spam campaign focusing on dubious offers and fake prizes began. However since December 10, the campaign has been thematically recycled and sent as a Christmas themed email, featuring subjects such as “Letter from Santa For Your Child.”
The Christmas-related modification to the large-scale spam campgain illustrates that holidays are often intentionally used by cybercriminals to rejuvenate and lengthen their otherwise ordinary spam campaigns.
This spam campaign previously centered around dubious offers providing unbelievable deals on numerous products. It also notified recipients that they had alledgedly won a prize and asked them to answer a few questions and provide a physical address. Those who responded unknowlingly signed up for costly newsletters or services.
After 90 days, the cybercrooks simply altered their social engineering to focus on Christmas by soliciting orders for “the perfect gift for any child” – a letter from Santa postmarked from the North Pole. The revised approach is a clear example of how these crimials repurpose an existing spam campaign by maximizing the power of time-sensitive social engineering – sadly, an incredibly efficienct tactic.
Each month, the research team at Commtouch presents the “Commtouch Security Number of the Month” – a number representing and illustrating a current issue or trend in Internet security.