by Dave Michmerhuizen & Luis Chapetti – Security Researchers
Spammers often take advantage of a wide variety of recognizable brands; Microsoft, UPS, banks, even the FBI. Whenever a large natural disaster strikes, such as the recent Colorado wildfires, spammers diversify and send donation emails using the brands of well known charities. A good example of this type of spam recently came to our attention. This particular email is very convincing looking and even includes links that point to a reputable site – paypal.com.
- (click for full size image)
Clicking the link in the email does, in fact, take you to a payment form on paypal.com. Unlike most spam, your personal information isn’t being solicited, and your credit card is safe. Ultimately, the question you are left with is: just who are you sending money to?
(click for full size image)
Other than a short user-supplied bit of text, there is no indication that Thomas March has any connecttion with the American Red Cross. While paypal.com is a well known legitimate website, that means nothing when it comes to the destination of monies transferred. There is no real guarantee that a ‘donation’ made here will ever reach the Red Cross.
In fact, the American Red Cross does not solicit donations in this manner. Instead, the national headquarters and the regional branches all use their own HTTPS protected web forms for donation, such as this one.
(click for full size image)
Indeed, the Colorado chapter of the American Red Cross has their own secure donation page.
This underscores one of our primary pieces of advice when it comes to email security. Never follow links in email. The risk that the link is spoofed is just too great. If there is an organization whose web page you want to visit to do business with, or make a donation, manually enter the domain name in your browser. Because of fraud, spam, and examples like this one, most large web sites will not include links in their emails.
Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails.
Leave a reply
