Mother’s Day is celebrated in many countries on May 12 and it’s a day for children, regardless of age, to express their love to their mother by giving her a gift. Spam messages related to Mother’s Day have begun flowing into the Symantec Probe Network. Clicking the URL contained in the spam message automatically redirects the recipient to a website containing a bogus Mother’s Day offer upon completion of a fake survey.
Figure 1: Survey spam targeting Mother’s Day
Once the survey is completed, a page is then displayed asking the user to enter their personal information in order to receive the bogus offer.
Figure 2: Fake survey
Figure 3: Bogus Web page asking for personal information
We recently blogged about the persistence of spam with .pw URLs and not surprisingly a lot of the Mother’s Day spam messages contain .pw top-level domain (TLD) URLs. The following are some examples of the From header using .pw URLs that we have identified to date:
Figure 4: Another dodgy website related to Mother’s Day
Symantec is observing an increase in spam volume related to Mother’s Day, which can be seen in the following graph.
Figure 5: Volume of Mother’s Day spam
The following are some of the Subject lines observed for these spam attacks:
Symantec advises our readers to use caution when receiving unsolicited or unexpected emails. We are closely monitoring Mother’s Day spam attacks to ensure that readers are kept up to date with information on the latest threats.
Have a safe and happy Mother’s Day!