As excited as I was prior to the release of the sixth film of the Harry Potter series, it proved to be fairly disappointing in terms of the number of spam messages spawned using the book/film title. The latest film, “Harry Potter and the Half-Blood Prince,” was released worldwide on July 15.
We monitored the probe network traffic over the past couple of weeks to track the prevalence and volume of Harry Potter related spam. However, it seems that spammers are less passionate about the idea of using the magic of this tale for their spam campaigns. The recent Harry Potter-related spam that we did see arrived as either Nigerian scams or health-type spam.
One scam message is disguised as an online lottery winning notification. In this fake and non-existent lottery, the name “Potter” is misspelled as “Porter.” Interestingly, the scammer used J. K. Rowling as the name for the online lottery—Rowling is the author of Harry Potter fantasy novel series.
Below is an example of the scam email along with the headers:
In the health spam examples, the various subject lines use phrases such as “Harry Potter ebook.” The email body is in the form of a legitimate newsletter, but all of the URLs provided lead users to an online pharmacy website.
Various subject titles used in these samples are as follows:
Subject: Full ebook Harry Potter
Subject: Harry Potter interactive ebook
In another health spam sample, news involving Harry Potter is used to obfuscate the message. These meaningless sentences are inserted at the bottom of the email.
Below is an example of such obfuscated email:
A few more obfuscation samples used in the health spam are as follows: