The misuse of legitimate services continues. After recent reports of cybercriminals exploiting the redirecting service TinyURL to slip past spam filters, legitimate e-card services are now being used.
We have received email samples that arrive as e-cards with the subject header “Regards From Secret Admirer”. The greeting cards were from Regards.com, the web’s largest collection of free greeting cards. The email claims to be sent by a user under the alias “Secret Admirer”, as shown in the email.
Figure 1. Legitimate email messages from Regards.com
The email is indeed a legitimate greeting card. When the user clicks on the link provided in the email, they will be redirected to a legitimate Regards.com site. However, it is on this website that the spammer puts his message.
Figure 2. Spam cloaked in an e-card’s clothing
This seemingly innocent secret admirer turns out to be an advertiser for an adult dating site, which is also legitimate. The adult website has already addressed the problem by informing redirected users that it has removed the affiliate responsible for the spamming from its systems.
This threat may not be a massive spamming operation. Regards.com allows the sending of cards to multiple recipients, but that could produce only an extremely limited number of spammed messages compared to the volume of mail from automated spamming tools. Still, what’s notable here is that spammers were able to mask their operation using legitimate websites, a model that could be used in the future for more damaging cybercriminal threats.
The spammed messages are already blocked by the Trend Micro Smart Protection Network.