Email Spam Re-produce False News Alerts for “Work From Home” Scams

Scammers have been busy generating false news alerts through email spam to advertise their so-called rewarding “work from home” businesses. They use the names of well-known news agencies in the email headers to arouse the reader’s curiosity. By placing these names in the Subject and From headers, they want to give recipients an impression of authenticity, so that users feel compelled to believe the claims made in the email and, of course, to click the URLs as well. One of the sample subjects below even blames U.S. President Barack Obama and his policies for affecting the unemployed.

Some of the sample headers seen in the attack:

Subject: Yahoo! investigates "impossible" claims.

Subject: Need some money? ITV wants to help

Subject: BBC USA investigates: "Change your life in 60 seconds!"

Subject: Change your life in 60 seconds.

Subject: Obama's policies affecting unemployed

Subject: Yahoo!: Stay-at-home Dad Makes 7,208/Month Part-Time

Subject: Fox investigates "impossible" claims.

Subject: Yahoo! breaking news

Subject: CNN USA investigates latest claim.

Subject: Breaking news for Homemaker Father.

Subject: Fox News investigates latest claim.

Subject: Breaking news for Stay home Mother.

Subject: Homemaker Father claims investigated by TBS

Subject: Need some money? CNN! wants to help






From: "Don't pay a penny." <email address removed>

From: "Fox News: Exclusively for Stay home Mother" <

From: "Don't get scammed, free report." <

From: "Breaking news" <

From: "Yahoo!: "You can't miss this"" <

From: "Free report" <
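A mail filter can test for this pattern directly: a news brand named in the Subject or From display name while the sender domain is not the brand's, plus the news-agency-plus-number link naming the post goes on to describe. The sketch below is an added example, not Symantec's code; the brand-to-domain table, the reading of the link pattern as "brand followed by digits in the host name", and the three sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: brand -> domains that brand really sends from (illustrative list).
BRAND_DOMAINS = {
    "bbc": {"bbc.co.uk", "bbc.com"}, "cnn": {"cnn.com"},
    "fox": {"foxnews.com"}, "yahoo": {"yahoo.com"}, "itv": {"itv.com"},
}
URL_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def _decode(value):
    """Decode RFC 2047 encoded-words so an encoded brand name is not missed."""
    return str(make_header(decode_header(value or "")))

def _belongs(host, allowed):
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return the reasons a message looks like a spoofed news alert."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"] or "")
    sender = addr.rpartition("@")[2].lower()
    headers = f"{_decode(msg['Subject'])} {_decode(display)}"
    body = "" if msg.is_multipart() else msg.get_payload()
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Brand named in Subject or From display name, sent from elsewhere.
        if re.search(rf"\b{brand}\b", headers, re.I) and not _belongs(sender, allowed):
            reasons.append(f"header names {brand}, sender domain is {sender}")
        # Assumed reading of "[newsagency][randomnumber]": brand + digits in host.
        for host in map(str.lower, URL_HOST.findall(body)):
            if re.search(rf"{brand}\d+", host) and not _belongs(host, allowed):
                reasons.append(f"link host {host} imitates {brand}")
    return reasons

# Constructed samples (not real messages); addresses and hosts are made up.
SPOOFED = ('From: "Fox News: Exclusively for Stay home Mother" <alerts@mail.example.net>\n'
           "Subject: =?utf-8?q?BBC_USA_investigates?=\n\nRead the report.\n")
BRAND_IN_URL = ('From: "Free report" <info@mail.example.org>\n'
                "Subject: Change your life in 60 seconds.\n\n"
                "http://cnn48213.example.com/report\n")
GENUINE = ('From: "BBC News" <newsletter@email.bbc.co.uk>\n'
           "Subject: BBC News daily briefing\n\nhttps://www.bbc.co.uk/news\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("url", BRAND_IN_URL), ("genuine", GENUINE)]:
        print(name, check_message(raw))
```

A match here is a signal to combine with SPF, DKIM and DMARC results, since a display name costs the sender nothing to forge.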

In the recent past, they used “As seen on Oprah”, “As seen on TV”, or “As seen on CNN, ABC, CBS NEWS, NBC, and Oprah” in the email headers and contents. The difference this time is in the subject line, which says “BBC USA investigates”, “Fox investigates”, or “Yahoo! breaking news”. If the headers do not carry the brand names, the URLs inside the messages may use the names of the news agencies:

[newsagency] [randomnumber]


or domains like:



Some sample messages in the form of images:

As seen in the above examples, they come straight to the point in the content, where users are directed to a Web site promoting schemes to earn money and become rich quickly. On the Web site, there are three steps that a user needs to follow, the first of which is to give personal details such as full name, email address, phone number, and country. After the details are submitted, the site guides users to a page where they are asked to buy a kit. Such Web sites show the usual tempting material, like an image showing checks earned, or videos of people benefiting from the scheme. Work-from-home scams work the same way – they simply lure victims into “earn money quick” jobs that require a minimal number of work hours. Scammers further testify to the successes of such schemes with the help of images or videos on their Web sites. This can be seen as an effort to clear any doubts in a potential victim’s mind. Needless to say, these schemes often lead to loss of time and money.

After Osama Bin Laden was killed by U.S. forces last week, online readers wanted to know all the facts of the operation. As a result, a news alert may be opened without suspicion, or simply out of curiosity, during this time. These emails were in circulation even before the U.S. raid took place, but given the continued use of the news-alert format, we wanted to keep users informed of this type of spam campaign. Symantec recommends that users follow the standard dos and don’ts published in our monthly Symantec State of Spam Report.

Osama bin Laden dead – so watch for the spams and scams

Google’s top-trending Anglophone search term right now is, understandably, “osama bin laden dead”.

Google officially describes its hotness (you couldn’t make this stuff up) as volcanic.

The short version, according to the LA Times, is that bin Laden was tracked to a “comfortable mansion surrounded by a high wall in a small town near Islamabad, Pakistan’s capital.”

For bin Laden, it seems, the comfort is no more. “On Sunday, a ‘small team’ of Americans raided the compound. After a firefight, [President Obama said], they killed Bin Laden.” Apparently, DNA tests have confirmed Bin Laden’s identity.

And there you have it.

Now you know the basics – but watch out for the links you’re likely to come across in email or on social networking sites offering you additional coverage of this newsworthy event.

Many of the links you see will be perfectly legitimate links. But at least some are almost certain to be dodgy links, deliberately distributed to trick you into hostile internet territory.

If in doubt, leave it out!

Sometimes, poisoned content is rather obvious. The links in this spam captured by SophosLabs, for example, give the impression of going to a news site:

The links don’t go anywhere of the sort, of course. Wherever you click, you end up finding out how to replace your tired old windows:

But even well-meant searches using your favourite search engine might end in tears.

What’s commonly called “Black-Hat Search Engine Optimisation” (BH-SEO) means that cybercrooks can often trick the secret search-ranking algorithms of popular search engines by feeding them fake pages to make their rotten content seem legitimate, and to trick you into visiting pages which have your worst interests at heart.

Well-known topics that have been widely written about for years are hard to poison via BH-SEO. The search engines have a good historical sense of which sites are likely to be genuinely relevant if your interest is searches like “Commonwealth of Australia”, “Canadian Pacific Railway” or “Early history of spam”.

But a search term which is incredibly popular but by its very nature brand new – “Japanese tsunami”, “William and Kate engagement”, “Kate Middleton wedding dress” or, of course, “Osama bin Laden dead” – doesn’t give the search engines much historical evidence to go on.

The search engines want to be known for being highly responsive to new trends – that means more advertising revenue for them, after all – and that means, loosely speaking, that they have to take more of a chance on accuracy.

What can you do to keep safe?

* Don’t blindly trust links you see online, whether in emails, on social networking sites, or from searches. If the URL and the subject matter don’t tie up in some obvious way, give it a miss.

* Use an endpoint security product which offers some sort of web filtering so you get early warning of poisoned content. (Sophos Endpoint Security and Control and the Sophos Web Appliance are two examples.)

* If you go to a site expecting to see information on a specific topic but get redirected somewhere unexpected – to a “click here for a free security scan” page, for instance, or to a survey site, or to a “download this codec program to view the video” dialog – then get out of there at once. Don’t click further. You’re being scammed.