Categories
Security

Check the spam folder looking for gifts

The spam folder is a huge nest of advertising emails, spam emails, scams, hoaxes, gifts, surveys, etc. I’m going to analyze one of those emails that’s in that folder. Saying that being in that folder already gives us a clue about the message. That message is there for something.

The message with an alleged gift, see Fig. 1, that  you have to claim now I have found it in a short time. You can really claim it whenever you want, as long as the page exists. We are deceived in several ways, starting with being an email that is not encrypted. Besides, we see that amazon is coming in the FROM field.

correo gmail regalos
Figure 1. Mail received in spam folder

The whole message has a single url

The entire message has multiple embedded web links. You can see where the link points by putting the mouse just above an area of the message where it has hyperlinks. All those links, even the one that is supposed to be to request the unsubscribe (where by ‘To stop this, please see here’) is the same address. Of course that url is a redirect that can trick us because it is https but it is through the google api and also in sender crudely tells us that they are amazon.es.

regalo gifts
Figure 2. Mail with gift, gift only for spammerS

The original message with gifts

Gmail provides detailed message information by clicking on the ORIGINAL MESSAGEoption, as you can see in  Fig. 3..

correo
Figure 3. Original message

Googleapis.com itself is a legitimate service (API) offered by Google. However, there are many cybercriminals (scammers) who use it to promote various support scams (technical) or gifts of different types.

Why I get that email with presents

That email arrives at this email address that I use because it has been shared online. I signed up for many pages over the years with that email address. Some of those pages shared my address wanting or inadvertently with cybercriminals, who sold my address to others for further spam. They don’t send you a spam email without knowing that the address they’re sending to exists.

Analyzing the address that comes in the mail

Now let’s analyze the address with the online virustotal.com. There is an engine that detects that that url is phising, that is, they pretend to be something but they really are not, a hoax.

virus total

If we go towards CLEAN MX, a Mexico engine has more details.

Conclusion about the gifts

The presence of an email in the spam folder no longer indicates that the email in question is likely to be spam. Spam emails where gifts are made pretending to be a great company and using redirect that use googleapis which may seem legitimate, are not. Chances are you’ll end up doing a survey or a virus on your computer. So… never listen to those emails, and let them die in the spam folder.

Leave a Reply