Spammers Exploit “E-Mail This” Functionality of Genuine Websites

Security researchers at Trend Micro the prominent Internet security company are cautioning Web-surfers that scammers, while exploiting news websites' "share via e-mail" feature, are distributing scam e-mails, which effectively circumvent anti-spam programs.

In this connection, Senior Security Advisor Rik Ferguson at Trend Micro cites one instance in which scam e-mails under a conventional 419 advance fee fraud were dispatched via the "e-mail this" functionality from the New York Times (NYT) website.

Thus, according to the security researchers, with the particular article sharing feature, any sender can add his message to a news piece being circulated and thereby open doors for a classic 419 scammer. Nevertheless, the feature isn't much used today due to the existence of Tweet or Facebook Like buttons.

Still, scammers can find it handy since it normally lets one to add his e-mail to a news story.

And though the implication of this tactic is that junk e-mails will be dispatched through an Internet Protocol address which has little chance of getting blacklisted, as also carry most content which has little chance of triggering an anti-spam filter, it surely does not make a 419 fraud any credible for the least.

Incidentally, abuse of this feature on NYT isn't something unknown. There are reports that such exploitation happened back in March 2010 too.

And possibly because of these incidences on NYT, the "e-mail this" feature now mandates users for owning an account while having it open on the site.

Amusingly, scammers have exploited the NYT website despite the requirement of users for setting a personal account for the purpose of sharing articles through electronic mail. Probably, when websites have such a feature, it may be well for them to spend on scanning technology for scrutinizing outgoing e-mails' content so that any such abuse can be thwarted. For, in case it becomes common on a particular website, that site can just get blacklisted putting it to severely harmful consequences vis-à-vis its social media abilities.

Conclusively, according to security experts, in case cyber-criminals were to embrace this technique for disseminating socially engineered hostile web-links then their scams could appear really persuasive.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 12/24/2010