Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn't it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt. Not only are the senders completely unknown by the recipients, but also, users are exposed to fraudulent E-shops for counterfreit shops, something that weren't looking for to begin with.
The mentality behind these types of campaigns is fairly simple - starting from the basic fact that a user will not be interested in requesting bulk orders of viagra by default, the cybercriminals are relying on incidential discovery of their fraudulent proposition in an attempt to convert these users into potential customers.
Over the past year, we've seen numerous attempts to entice users into clicking on these links, by impersonating a legitimate message or notification from a respected, trusted and well known brands. These are prone to intensify over the next two months.
Users are advised to avoid clicking on links found in such messages, and to report them as spam immediatelly.