Spammers Put New Twist on Autoresponder Spam

Written by Sue Walsh on October 4, 2011

Spammers have combined typo squatting with auto-responders in a new spam campaign. Here’s how it works: A spammer registers an often misspelled domain, such as “yaoo.com”, and sets up email accounts there. When someone’s typo sends their email there, a fake auto-responder message is sent with a link to a spam site. Here’s the experience of an AP reporter:

An Associated Press reporter accidentally sent a message to a “verizonwireless.co” address instead of the proper “.com” and got this response, ostensibly from his contact “tom”:

“I am out of office right now on a my (sic) dream vacation and will get back to you when I return. If you don’t hear from me, my assistant should contact you shortly. You should check this site to see how I scored the best travel deal for my trip.”

The link led to a site that advertises luxury resorts. While a lot of major sites have made it a habit to buy up all the possible misspelled versions of their domain and set them up as redirects to their actual site, there are still tons of sites out there a spammer could apply this new method to. It’s not really all that slick though. Most people know that auto-response messages don’t generally contain advertising and those that do would not contain pitches for sites or services completely unrelated to the company they are from.

Do you think this new campaign will be effective? Why or why not? Leave a comment and let us know what you think.

Comments

@EmailKarma October 4, 2011

This is hardly a new tactic by spammers, they have simply modified it to go beyond the auto-reposnders being used from hacked hotmail/yahoo/etc… accounts advertising electronics in China or vacations at expensive destinations.

Cost = $0
>1 sucker = success

Kevin Love October 7, 2011

I doubt it. Like you said, since when do autoresponds, especially from large corporations, feature advertisements? Especially for people dealing with the press. Don’t you think their HR department would have a field day with that? Maybe the one-off person trying to write a complaint email, but professional-to-professional, I don’t see how this could work.

Richie October 31, 2011

The tone of the email sounds everything but business-like and this will ring a bell with everybody who knows at least a bit about spam. Not the cleverest spam message I have seen for sure.

  • (required)
  • (required)