Spammers are clearly becoming more and more creative as they try new ways to bypass our anti-spam filters. Just recently, we received a spammed message disguised as a spam quarantine notification message from a competitor.
To the untrained eye, the email looks quite convincing. However, closer inspection of the message properties reveals that while the email purports to come from a certain security company, the sender’s domain name is indosatm2.com.
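The comparison described above, between what the sender's display name claims and the domain the message actually came from, can be automated at the mail gateway or in triage tooling. The following Python sketch is an added example, not code from the original post; the brand keyword, its allow-listed domain and both sample messages are constructed placeholders, and only indosatm2.com comes from the message described here.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from.
# "examplesecurity" and example-security.test are placeholders.
BRAND_DOMAINS = {"examplesecurity": {"example-security.test"}}

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def under(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """Return findings for brand/domain mismatches in one raw message."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    # Squash the display name so "Example Security" matches "examplesecurity".
    squashed = "".join(ch for ch in display.lower() if ch.isalnum())
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in squashed and not under(from_dom, allowed):
            findings.append(f"display name claims {brand} but From domain is {from_dom}")
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    return findings

# Constructed sample messages (only indosatm2.com appears in the original post).
SPOOFED = (
    'From: "Example Security Quarantine" <notify@indosatm2.com>\n'
    "Return-Path: <notify@indosatm2.com>\n"
    "Subject: A message sent to you has been blocked\n\n"
    "Click the link to view the message.\n"
)
LEGIT = (
    'From: "Example Security Quarantine" <quarantine@mail.example-security.test>\n'
    "Subject: Quarantine digest\n\nNothing to review.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_sender(raw) or "no findings")
```

A display-name check of this kind complements, and does not replace, SPF, DKIM and DMARC evaluation, since those authenticate the sending domain but say nothing about the brand named in the display text.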
According to the spoofed mail, an email sent to the user has been blocked by the administrator. The user is then instructed to ignore the message if the blocked mail was indeed a spammed message or to click the embedded link to view the message.
The spammers may be trying to lure users by exploiting people’s natural curiosity. A user who wishes to know the content of the quarantined mail is thus likely to click the link. The link currently redirects users to a website that is no longer available. However, users are still advised to exercise caution when opening email messages and clicking links, even if these appear to be legitimate. It never hurts to be extra careful.
Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains via the Web reputation service.
Non-Trend Micro product users can also stay protected from similar bogus email messages by using eMail ID, which uses a two-step verification process to help users quickly find legitimate messages.