Spammers find clever way to deliver their emails

Dec 18, 2015 02:35 GMT

Out of all the emails in the world, you wouldn't expect to find spam in Dropbox or Google+ notifications, would you?

Yet that is what security researchers from Symantec are reporting: a new and quite ingenious spam campaign that uses Dropbox and Google+ to deliver (annoying) messages.

Dropbox abused to send spam

When a Dropbox user invites someone else to view a folder, the other person receives a notification via email from Dropbox. Scammers have discovered that they can put their spammy text inside these notifications, and are now sneakily using the [email protected] address to send their spam.

The reason for doing this is that email addresses associated with large and reputable Internet domains are usually whitelisted in the spam filters deployed with most email servers.

This increases the chances of a spam message reaching the user, simply by piggybacking on Dropbox's reputation.
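To make the filtering gap concrete, here is an added example (not from Symantec's report or from either service) that compares an allowlist-only verdict with one that still inspects links inside a notification from a trusted sender. The domain `service.example`, the sample messages and all function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hypothetical allowlist of sender domains the filter trusts.
TRUSTED_SENDER_DOMAINS = {"service.example"}
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed sample: a genuine share notification from the allowlisted
# service, so sender checks pass, but the user-supplied folder name is spam.
SAMPLE_SPAM = """\
From: Example Service <no-reply@service.example>
To: recipient@mail.example
Subject: A user shared "Meet singles http://dating-offer.example/join" with you

A user invited you to view the folder
"Meet singles http://dating-offer.example/join".
Open it here: https://www.service.example/folder/abc
"""
# Constructed benign counterpart: same notification, ordinary folder name.
SAMPLE_CLEAN = SAMPLE_SPAM.replace(
    "Meet singles http://dating-offer.example/join", "Q4 budget")

def sender_domain(raw):
    """Domain part of the From address, lower-cased."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def naive_verdict(raw):
    """Allowlist-only filter: a trusted sender domain skips content checks."""
    return "deliver" if sender_domain(raw) in TRUSTED_SENDER_DOMAINS else "scan"

def foreign_links(raw):
    """Hosts linked in subject or body that are not under the sender's domain."""
    msg = message_from_string(raw)
    domain = sender_domain(raw)
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    hosts = {h.lower().rstrip(".") for h in URL_HOST_RE.findall(text)}
    return sorted(h for h in hosts
                  if not (h == domain or h.endswith("." + domain)))

def content_aware_verdict(raw):
    """Trust the sender only for content that stays on the sender's own domain."""
    if sender_domain(raw) not in TRUSTED_SENDER_DOMAINS:
        return "scan"
    return "scan" if foreign_links(raw) else "deliver"

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("clean", SAMPLE_CLEAN)):
        print(name, naive_verdict(raw), content_aware_verdict(raw), foreign_links(raw))
```

A verdict of "scan" here means the message is handed to normal content filtering instead of bypassing it, not that it is rejected outright.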

Scammers are also using Google+ notifications in the same way

The same scheme is also deployed for Google+, where scammers publish a post and then share its content with the victim's email address.

Obviously, all these operations are automated via API calls, and once emails reach their targets, there's also a higher chance of users clicking on the spammy links.

According to Symantec, these links land users on adult, webcam, and dating sites, where, if the user signs up, the scammer gets an affiliate fee ranging from $2 to $6 (€1.85 to €5.55) for every user that registers.

In the past, other popular services like Snapchat, Kik Messenger, and Tinder have also been abused by clever scammers to deliver their spam.

Following their discovery, Symantec informed both Dropbox and Google, which proceeded to ban the infringing accounts and have set up defenses to detect abuse of their services through this kind of operation.

Spam received in Google+ notifications