Many countries around the world will celebrate Father’s Day this year on June 15. With only a few days remaining, people are busy planning and purchasing gifts for the greatest hero in their life. Unfortunately, this is also when Father’s Day spam and fraud emails are at their height and many unsuspecting users could get conned by these campaigns.
We have observed a gradual increase in the amount of spam taking advantage of Father’s Day since the end of May. Most of the spam shares similarities with Mother’s Day spam, as observed last month. The campaigns are not so different from the ones seen in previous years. In fact, this year, we have observed spam with the exact same products and offers as last year.
Figure 1. Product spam related to Father’s Day
Personalized gifts, cigars, car deals, clothing accessories, and electronics offers form a major portion of the Father's Day spam seen this year. Their techniques and content are very similar to Father’s Day spam campaigns seen every year. Some campaigns, however, are worth highlighting.
Gift coupon spam
This form of spam caught our attention because of its persistence. It was seen frequently over a couple of weeks, but its text and other features have been randomized. In this spam campaign, the spammers offer a free gift coupon to let users purchase gifts for their Dad. The email includes a link to activate the gift coupon, which directs the user to a Web page that demands personal information, such as credit card details, for registration. Any personal information entered on the Web page will be misused.
Figure 2. Father’s Day gift coupon spam
Replica spam
Replica spam campaigns are usually straightforward. They typically display deals on replica watches or jewellery and provide links to a fraudulent website with images of their goods. However, in one Father’s Day spam campaign, the email was made to look like a payment receipt, with a link to view billing information. Surprisingly, this was not a phishing attack, as the link simply directed users to a website selling replica goods. The site itself was prepared for Father’s Day, judging by the ‘Father’s Day Sale’ banner displayed on the site.
Figure 3. Father's day replica spam
Figure 4. The spam links to a website selling replica watches
Here are some of the email subject lines from spam campaigns taking advantage of Father’s Day this year.
- Subject: I purchased my dad aLuxuryReplica forFathers Day..
- Subject: [Name], Rewards for [Brand] (Use it Today) - PIN #959794924
- Subject: Save 80% on the Perfect Father's Day Gift!
- Subject: Premium Cigars - Perfect for Father's Day!
- Subject: Save 87% on These 12 Premium Cigars + Humidor for Father's Day!
- Subject: Personalized Gifts for Father's Day
- Subject: FATHERS DAY
Spammers will never hesitate to take advantage of any special occasion to push out more spam. Be cautious of suspicious emails that have links to websites that are not well known. Most of these spam campaigns aim to trick users into revealing personal information, so be wary of any unsolicited email that requests these details. When it comes to online transactions, you should carefully verify the authenticity of the website by checking the URL for “https”, which shows that the site is secure, along with other trust marks.
Symantec’s antispam filters have successfully blocked these campaigns, but you should keep your antispam signatures updated to strengthen your protection.
We wish all of our customers a Happy Father’s Day!