Phishing Email Message Spoofs Reader's Digest India

 Analysis by: Chloe Ordonia

Trend Micro received samples of an email message that poses as a letter from Reader's Digest India. It informs recipients that they are potential finalists of a supposed sweepstakes. The message then instructs them to click on the link provided in order to access the website so that they could qualify for the cash prize. However, the link instead leads to a phishing site, which requires users to disclose personal information such as their email addresses and the like.

What makes this attack particularly noteworthy is that it resembles a combination of a 419 or Nigerian scam and a phishing attack. This is due to its deceitful nature through social engineering (pretending to be an official message from an organization) and its way of stealing information (redirecting the user to a spoofed web page where users need to insert personal data) respectively.

A 419 scam or Nigerian scam usually comes in the form of an email that begins by introducing the sender as someone from a reputable organization, and then asks the reader for financial assistance. The most famous of which (and thus gets its name from) is the Nigerian scam, where the sender passes himself off as a wealthy personality from Nigeria that desperately needs a meager amount of money in order to deposit a large sum of cash (usually amounting to millions) into an overseas account, more often than not the user's own. The reader would then be given a percentage of the deposited money. In reality, of course, the only transaction taking place would only be the victim sending the their own money to the Nigerian sender, completing the fraud.

Some recent examples of the 419 scam include one that purported that the reader won a contest related to the London 2012 Olympic Games, asking the user to supply his personal information. Another example targeted football fans by tricking them into believing that they've won an enormous cash prize related to last year's FIFA World Cup.

We have come across many variations of this type of online fraud, from appeals supposedly made by charities that direct the user into making donations to a bank account completely unrelated to the original organization, to actual death threats levied against the user, where the threat upon their life will only be curtailed by their quick compensation and cooperation.

A phishing attack, on the other hand, involves creating spoofed versions of webpages that ask for sensitive user information, such as login usernames, passwords and bank account numbers. Should a user enter their information into such a page, the sensitive information is collected and sent to the cybercriminal responsible for the page itself, no doubt for malicious purposes. In this case, users are lead to a page where they must confirm their eligibility to win the supposed Reader's Digest cash prize, and it asks for their personal details. With the advertised event being confirmed false, it is also confirmed that whatever information is divulged in this page will be sent to cybercrminals.

Trend Micro advises users to inspect such email messages closely and to never click any of the links provided in these. It is typical for spammers to use established brands, such as Reader's Digest, or enticing contests to cloak their malicious schemes. Users should first verify with trusted sources about the existence of these promos to avoid becoming victims of such ruse. Contacting the organization purportedly behind the message by other means such as actual on-site visitation or a call on their hotline should also work as a way to verify if the message itself is in fact true.

 SPAM BLOCKING DATE / TIME: November 26, 2011 GMT-8
  • ENGINE:6.8
  • PATTERN:8544