14 DAY TRIAL // Security researchers warn of an on-going email spam campaign, which masquerades as messages from Twitter's support team. The fake emails also abuse the logo and layout of the popular micro-blogging platform.
The rogue messages have spoofed headers in order to appear to be originating from [email protected]. According to Panda Security, the spam is well constructed and is able to bypass Gmail's anti-spam filters.
In order to entice users into visiting the included link, the spam makes use of the Twitter logo and claims that recipients have unread messages in their Twitter accounts. For added credibility, it also contains a disclaimer message that normally accompanies generic emails from Twitter. "Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter," it reads.
"The advertised link in the e-mail is http://twitter.com/account/messages/83BFC-B77D4, but in like many spam e-mails, hovering over the URL will display a different destination address. Upon clicking the link, I was expecting to see some rogue antivirus, but instead I was greeted with a 'Candian Healthcare' Viagra/Cialis shopping cart scam," explains Sean-Paul Correll, threat researcher at Panda.
Meanwhile, security researchers from antivirus vendor Sophos, who also detected and analyzed this spam campaign, note that users who visit the included link are being redirected through a legit website. "Clicking on the link (which doesn't really go to Twitter) takes you to what appears to be a hacked HTML page on a legitimate site that then redirects you to a domain hosting an online pharmacy," writes Graham Cluley, senior technology consultant with the company.
As always, users are advised to abstain from purchasing goods from unknown vendors, especially unregulated medical products that can pose great health risks. Buying from spam is also associated with identity theft and financial fraud.
