In the past month we have seen a new wave of malicious spam which relies on requests for delivery confirmations of unsolicited emails. http://www.scmagazineus.com/Spammer-campaign-exploits-email-read-receipts/article/119130/ This spam has 3 traps in it.
First, if you read the message and allow images to be displayed, the retrieval of the image will cause your email address to be placed in the spammers list of valid addresses.
Second, if you delete the email message, and don't have "ask me before sending a response" or "never send a response" turned on in your email tracking options tools menu, an email return receipt confirmation will be automatically sent to the spammer when you delete the message, verifying the validity of your email address.
Third, if you choose the unsubscribe or opt-out option contained within the email message, you will again cause your email address to be placed in the spammers list of valid addresses.
This highlights how important it is to disable the email preview option of your email application, especially if you don't block images from being loaded. Additionally, check how your email application handles read receipts/confirmations, you may be telling spammers that they have a valid email address simply by deleting the message, which will invite even more spam.
This blog is dedicated to discussions and ideas regarding Privacy and Security topics. See www.ePrivacyAwareness.com for more information.
Posts
Blog Archive
About Me
- Tony
- I'm an Certified Information Systems Security Professional with over 8 years of experience in Information Security, and over 20 years in Information Systems and Development. One of my previous roles was as the Director of Enterprise Architecture and Information Security for a Fortune 500 Insurance Company. In this dual role, I had the opportunity to work with key stakeholders in the business units, along with the Privacy Officer, General Counsel and Application Development teams. See the website at www.ePrivacyAwareness.com for more information.