Scam messages that purport to be from banks, government institutions, or even from certain individuals circulate the Web. Email messages where recipients are told that they have won a prize or are asked for donations would already be familiar to most Web users. Scammers, however, show no signs of slowing down using this technique.

The Trend Micro Content Security team received samples of spammed email messages with the same announcement as most scam mails: the recipient has won a huge amount of money in lottery. Except this time, scammers placed this said fraudulent content in the From field and not in the Subject or in the message body itself.

Figure 1. Sample spammed message.

The spammers behind this operation are doing this to bypass antispam products. Analyzing the sample email message above through text editor, we see how the From field is literally a common content found in scam messages. Spam filters may already be blocking messages when similar content are detected in Subject fields and in message bodies, but not in From fields.

Figure 2. The announcement is written in the From field.

Because it still is able to get the message across, these messages may still lure recipients into contacting the spammers through email addresses and phone numbers which are also given in the same email message. The scamming usually happens here, as in several cases we’ve blogged about:

• A Very Early London Olympics Scam
• Scammers Try Their Luck (Again) on The Olympics
• You Just Won the Beijing 2008 Olympics Lotto!

The Trend Micro Smart Protection Network already blocks these spammed messages, protecting users from this threat. Non-Trend Micro users are advised to not trust unsolicited email messages. Rewards and cash prizes that seem too good to be true probably are.