Bitdefender researchers warn Romanian users that they may become the targets of a massive spam campaign that leverages the names and reputations of various celebrities such as Adele, Justin Bieber, Rihanna, Madonna or Pink.
It all starts with an email whose subject line reads something like “FWD: Best of Madonna” or “Justin Bieber fan’s suicide.” In most cases, the spammers make sure to include specific keywords, such as “umbrella” in Rihanna-themed messages, to attract attention.
The shady notifications carry links that point users to malware-laden websites hosted on Russian domains. In other cases, victims are lured to rogue pharmacy websites that offer medical products at hard-to-refuse prices.
Once they’re infected with the malware served by these sites, the victims’ machines become part of a botnet that serves its master’s malicious purpose. The affected computers are not only used for activities such as online banking fraud, but also to further spread the infection.
The celebrities whose names are used in these campaigns are highly popular in Romania, each of them being searched for tens of thousands of times each month on Google, so it’s likely that the cybercriminals know that their chances of success grow considerably if they target the country's internauts.
“Clicking on an e-mail that contains names such as Justin Bieber (the fourth most popular star in Romania with 201,000 searches a month), Pink (ranked 5th according to the number of searches – 165,000), or Rihanna definitely poses a degree of risk,” Bitdefender Chief Security Strategist Catalin Cosoi explained.
“The risk is even greater when the celebrities named in the e-mail are the subject of a recent scandal or some other big news. Scammers are constantly following stars and trends to figure out what people most want to read about, then they serve it to them, laced with malware.”
Experts advise users to be cautious when opening celebrity-themed emails. Messages that carry suspicious attachments or point to shady-looking domains should be deleted immediately.