
Beware emails that claim to be from Twitter or YouTube

Written by Jack Schofield, Contributor

Neither Twitter nor YouTube is going to send you emails that lead to phishing or malware sites, but spammers may well be sending you emails that pretend to be from them. This morning, for example, I had one that claimed to be from Twitter (see photo below), with the Subject line: "Unfortunately 1 direct message rejected". One that claimed to be from YouTube said: "Hey, you have notification pending".

The problem, of course, is that the From: line in an email can easily be spoofed to say whatever the spammer wants, and most email clients no longer show the headers that might expose the fakery. The headers in my "Twitter" email, for example, suggest it came via TalkActive in Denmark, and the Reply address is at Gentle Ben's Brewing Co in Tucson, Arizona. ("Our restaurant offers complimentary WIFI internet connection; free of charge.") Neither of those suggests the email actually came from Twitter.

The purpose of this type of spam is to get users to click on links that might purport to go to Twitter, YouTube or another respected site, but actually go somewhere completely different. That might be a phishing site that asks you to enter your log-on name and password, or a poisoned site that tries to install malware. In both cases mentioned above, the links go to what I assume are pharmaceutical sales sites.

The "Twitter" email's link would have routed me via a redirect at born2host.com to controlpills.net, which is a domain name registered to Leena Mandemaker (reel@mail13.com) in Zuid-Holland, 2202 KD. A reverse Whois lookup says "Leena Mandemaker owns about 107 other domains". The "YouTube" email would have routed me via a redirect at he-art.by.ru to pillpillspharmacy.net, which is registered to Georges Chaloux (delve@mail13.com) in Marseille, France.

I checked both sites using Comodo's Site Inspector, Google's Safe Browsing diagnostic site, and Malware URL. Happily, neither Comodo nor Google found any malware on these sites, though Malware URL has them both listed in its "Fraud / Scam" category.

I haven't noticed this particular form of Twitter/YouTube spam until recently, but similar types of fakery are common. Bear in mind that they can usually be exposed by checking the email headers, and that there are plenty of websites that will check links without you having to visit them.

In fact, there's a good rule of thumb worth teaching to family, friends and colleagues: never click on links in emails. You can, however, right-click on a link, copy it, and paste it into a text editor or a scanner such as Site Inspector. That will usually reveal that clicking the link to "Twitter support" (or whatever) would have taken your browser somewhere completely different, and not somewhere you'd want to go.

@jackschofield

Email not from Twitter
