At Websense® Security Labs™, we have been tracking this trend for the past few months. Common themes include prize wins, inheritance claims, money mule schemes and, increasingly, recession-beating scams.
More and more often, fraudsters use free Webmail hosting services to send a low volume of targeted emails, in many cases using demographic profiles to target specific groups. The low-volume targeted approach maximizes the take up rate while avoiding detection by many anti-spam technologies. In addition, the use of free Webmail services renders Reputation systems redundant.
A recent example of this type of scam claimed to be on behalf of the UK Government, offering the email recipient a chance to register a claim for recession relief as a result of the recent G20 summit.
Screenshot of the email:
The email was sent out in two waves on two separate days. The first wave on April 7 was sent from a member’s Webmail service linked to a Brazilian financial Web site:
The second wave came on April 8 and was sent from a Brazilian Internet Hosting company offering, among other services, a Webmail facility:
Both low-volume waves targeted only one individual in each organization. We called the telephone number listed on the email, but it was unavailable at the time of this writing. This may have been intentional on the part of the scammer to encourage recipients to use the contact email address instead to divulge their personal information.
Websense Messaging and Websense Web Security customers are protected against these threats.
Email Threat Research Manager: David Saunders