Some events familiar among people in the United States are commencing this month, including: Thanksgiving—a great occasion to thank dear friends and family for their kindness; and Black Friday—a day after Thanksgiving, usually the busiest retail shopping day of the year. Spam messages related to these events have begun flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance sales of cars and trucks, products bidding to get the best deals, replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
Figure 1: An e-card for Thanksgiving day
Figure 2: Fake bidding deals for Black Friday
A new tactic is being observed whereby domains attempt to convince users to bid for good deals. In such cases users should be careful and avoid clicking on the links. The domains being used in the attack are registered for one year and its servers were located in United States of America. Below are some examples of the spam domains that we have thus far identified:
In one spam sample of Black Friday, the spammers invite users to purchase the product (Rolex watches) with a price reduction of 25% – 50% along with some false promises, such as:
Users should be wary of such bogus offers. The spam domain used in the above attack taking advantage of the Black Friday holiday is:
http://www.xxxBlackFridayWatch[REMOVED].com
Figure 3: Replica watches for sale
Some of the Subject Lines observed for these spam attacks include:
Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24x7 to ensure that readers are kept up-to-date with information on the latest threats.