14 DAY TRIAL // How does an email message look like? First, it's the subject of the message which usually tries to be very attractive, including popular terms such as drugs, watches or other advertised products. Then, there's the sender's email address which is often fake and created to look like a real one. The message body tries to convince the reader that the advertised product must be bought but it also includes a link to a website. This is the most important part of the email spam message because the webpage may contain dangerous elements such as malware or viruses aiming to infect the visitors' computers. But how can a hacker trick the reader and convince him that the website is safe for visiting? Here's how:
Google is one of the most popular web services, with millions of users every day. It's pretty obvious that Google's website is clean and doesn't represent any threat for the visitors. That's why spammers looked for a way to introduce a Google link inside their message. And they found one. As the folks at Symantec reported, the spammers used the Google 'I'm feeling lucky' function to create a link to the advertised website, making the visitors believe they're visiting a Google service.
In case you don't know, the Google 'I'm feeling lucky' feature provides direct access to the first Google result displayed for certain keywords. This function can be easily tricked to redirect a user to another website using a Google URL. The guys at Symantec describe the entire procedure in three easy steps:
1. The spammer devised a query string which yielded only his or her URL as result of an advanced Google search. 2. The spammer then simulated the click of the "I'm Feeling Lucky" button that will take you to the URL of the first result that comes up for the entered search query. 3. Lastly, the spammer packed this URL into a regular email and sent it out to evade spam filters.