Email This!

Spammers are abusing the social media sharing functionality of popular web sites, to bypass spam filters.

I received an email this evening with the subject line “NYTimes.com: Money for Social Science”, turns out it was a story that a spammer had chosen to share with me from the New York Times web site. Of course the spammer was not aware of my hidden passion for Social Science funding projects, he was simply trying out a new avenue to get his scam into my inbox.

The article sharing functionality allows the sender to specify their own message to go along with the story and of course that was where the much more traditional 419 scam was to be found.
NYT-Spam

Although this tactic means that the Spam will be sent from an IP address that is unlikely to be blacklisted, and contain much content that is unlikely to set off a spam filter, it certainly doesn’t add any credibility, to a 419 scam at least.

That said though, if this technique were to be adopted by criminals seeking to spread socially engineered malicious links it could be made to look much more convincing. Interestingly this abuse of the New York Times web site happens in spite of the fact that users need to create an account in order to share stories by email.

Perhaps web sites offering this kind of functionality would do well to invest in technology to scan the content of their outbound emails in order to stomp on this sort of abuse. If it becomes widespread they are very likely to find themselves blacklisted which would be a serious blow to their social media capabilities.

As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions, law enforcement organisations. Recognised as an industry thought leader and analyst, Rik is regularly quoted by the press on issues surrounding Information Security, Cybercrime and technology futures. With over 15 years experience in the IT Industry with companies such as EDS, McAfee and Xerox Rik’s broad experience enables him to have a clear insight into the challenges and issues facings businesses today.