A new wave of email scams leading to malicious sites is trying to lure in victims by spoofing popular social networking sites, a computer security firm warned Wednesday night (Manila time).
Trend Micro said it has noticed samples of emails masquerading as notifications from popular sites such as LinkedIn, Foursquare, MySpace, and Pinterest.
It said fake notifications from foursquare, a popular location-based social networking site, pretended to be an email alert, stating that someone has left a message for the recipient.
A second message is in the guise of a friend confirmation notification.
“Both messages use the address email@example.com in the ‘From’ field and bear a legitimate-looking MessageID. Similar to previous spam campaign using popular social networking sites, attackers here also disguised the malicious URLs. If users click these, the URLs direct to an empty web page containing another URL, which ultimately leads to a website selling sex-enhancement drugs,” Trend Micro said.
Similarly, bogus LinkedIn and MySpace messages disguised as confirmation email direct users to a “Wiki Pharmacy.”
Trend Micro noted the fake messages use addresses that appear legitimate such as firstname.lastname@example.org and email@example.com, respectively.
Recipients are asked by these mails to check out the provided link either to confirm their email address (for the spoofed LinkedIn) or cancel their account (fake MySpace email).
“Upon further analysis, we have identified that the senders’ info were forged. We also did not find any pertinent details that could identify these messages as legitimate LinkedIn and MySpace email notifications. These mails also used cloaked URLs that redirect to the fake site ‘Wiki Pharmacy,’” Trend Micro said.
On the other hand, Trend Micro noted fake Pinterest email notifications that contain a URL, a purported online article on weight loss.
Users who click this link are instead lead to sites that were previously found to engage in fraud activities, it said. — TJD, GMA News