Why are you getting all these Yeti cooler giveaway scam emails in your Gmail inbox?

Someone claiming to be from Kohl’s really wants to give me a beautiful orange Le Creuset Dutch oven.

The email always says that this is the second attempt by the chain department store to contact me, although I think it’s more like the 50th because I’ve received this email many, many times over the past few months. You probably have too. Maybe yours isn’t from Kohl’s. Maybe it’s from Dick’s Sporting Goods or Costco. Whoever it claims to be from, the result is the same: you click on a link, fill out some kind of survey, and are asked to enter your credit card information to cover shipping costs for your free Yeti cooler, Samsung Smart TV, or that Le Creuset Dutch oven.

Spoiler: On the other side of this fraudulent email, there is no “fantastic prize” waiting for you.

These items, of course, will never come. All of these emails are phishing: emails that impersonate a person or brand that you know and trust in order to get information from you. In this case, it’s your credit card number. This latest campaign is especially good at bypassing spam filters, which is why you may have noticed so many of these emails in your inbox over the past few months. The fact that they landed in your inbox, as well as the realistic look of the emails and the websites they link to, makes them more convincing than typical scam emails. These attacks also usually intensify during the holiday season. So here’s what you should watch out for.

“The Grinch gets coal from security companies and blocks IP addresses by Christmas, and that results in more domain hopping spam getting into your inboxes,” Zach Edwards, a security researcher, told Recode. Domain hopping architecture is a series of redirects that route user traffic across multiple domains to help scammers hide their tracks and to detect and block potential security measures.

Akamai Security Research identified the fraudulent campaign in a recent report. The basic idea of the scam itself, pretending to be a famous brand and offering a prize in exchange for some personal information, is not new. Akamai has been on the lookout for such scams for a while. But this year’s version is new and improved.

“This is a reflection of the attacker’s understanding of how security products work and how to use them to their advantage,” said Or Katz, Akamai’s Principal Lead Security Researcher.

An example of a fraudulent email masquerading as Costco. It depicts a woman in a yoga pose in front of a large screen TV and reads: “Pure cinematic viewing in 8K. Get it now. Costco Wholesale Samsung OLED 8K UHD HDR Smart TV. Congratulations! You have been selected to participate in our loyalty program for free! Answer the poll.”

Sorry, but you, like everyone else, will have to buy a Samsung TV from Costco. This survey is just trying to steal your credit card information.

Basically, these scammers use a lot of technical tricks behind the scenes to evade scanners and get past spam filters. These include (but are not limited to) routing traffic through a set of legitimate services such as Amazon Web Services, whose URLs several of the scam emails I received appear to link to. And, according to Edwards, attackers can identify and block the IP addresses of known fraud and spam detection tools, which also helps them bypass those tools.

Akamai said this year’s campaign also included a new use of fragment IDs. You will see them as a series of letters and numbers after the hash mark in the URL. They are usually used to send readers to a specific section of a website, but scammers have used them to send victims to completely different websites. Some fraud detection services do not or cannot scan fragment IDs, which helps the scam avoid detection, Katz said. However, Google told Recode that this method alone is not enough to bypass spam filters.
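A link-triage sketch for the fragment ID point above, added here as an illustration and not taken from Akamai's report or Google's filters. A fragment is never sent in the HTTP request, so a scanner that only fetches the link sees the same page for every fragment; the hosts, sample links, function names and the 16-character threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample links; all hosts are hypothetical (.example is reserved).
SAMPLE_LINKS = [
    "https://docs.shop.example/help#returns",
    "https://bucket.cloud.example/index.html#a8Xk29ZqLm4TqP07vB1c",
    "https://bucket.cloud.example/index.html#Qz71pLw0Rk3mTn58sYd2",
    "https://news.example/story",
]

def server_visible(url):
    """The part of a link an HTTP fetch sends; the fragment stays in the client."""
    p = urlsplit(url)
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{p.netloc}{p.path or '/'}{query}"

def classify_fragment(url, min_token_len=16):
    """Heuristic with an assumed threshold: 'none', 'anchor' or 'opaque-token'."""
    frag = urlsplit(url).fragment
    if not frag:
        return "none"
    # A long run of mixed letters and digits is not a human-readable section name.
    mixed = re.search(r"[A-Za-z]", frag) and re.search(r"\d", frag)
    if len(frag) >= min_token_len and mixed and re.fullmatch(r"[A-Za-z0-9_\-=+/]+", frag):
        return "opaque-token"
    return "anchor"

def triage(links):
    """Group opaque fragment tokens by the page a fetch-only scanner would see.
    Several tokens on one page means the fragment, not the page, carries the routing."""
    tokens_by_page = defaultdict(set)
    for url in links:
        if classify_fragment(url) == "opaque-token":
            tokens_by_page[server_visible(url)].add(urlsplit(url).fragment)
    return {page: sorted(tokens) for page, tokens in tokens_by_page.items()}

if __name__ == "__main__":
    for page, tokens in triage(SAMPLE_LINKS).items():
        print(f"{page}: {len(tokens)} fragment token(s), render in a sandboxed browser")
```

Links flagged this way need to be evaluated in a sandboxed browser that executes the page's script with the fragment intact, since fetching the server-visible URL alone cannot show where the reader ends up.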

“What we see in this recently published study is the use of new and sophisticated methods that are indicative of the evolution of fraud, reflecting the intent of the attacker to make their attacks hard to detect and classify as malicious,” Katz said. And, as we can see, it works!

But you don’t see any of that. You just see emails. At best, they are annoying, and at worst, they can trick you into giving your credit card details to people who will presumably use that information to buy many things on your tab. The fact that they are in your inbox in the first place adds a veneer of legitimacy, and both these emails and the websites they send victims to look better and can therefore be more convincing than some typical phishing attempts. They also change with the season. The Akamai samples collected a few weeks ago have a Halloween theme. More recent phishing emails send users to a website boasting a “Black Friday Special”.

“Literally, the holiday banners are unique, so this is a cool new addition,” said Edwards.

An example of a scam website offering a prize from Dick's Sporting Goods. It features a Yeti cooler and reads:

Dick’s Sporting Goods is not giving away the Yeti Cooler, even if you complete the survey.

And it all seems to be unfolding on a massive scale, so most of the people reading this probably didn’t get just one of these emails but an onslaught of them stretching over several months.

Or, as one of my colleagues told me when she forwarded me an example of one of the many scam emails she received in her Gmail inbox: “Help.”

A Google spokesperson told Recode that the company is aware of the “particularly aggressive” campaign and is taking action to stop it.

“Our security teams have determined that spammers are using another platform’s infrastructure to pave the way for these offensive messages,” they said. “However, despite the evolution of spammer tactics, Gmail actively blocks the vast majority of such activities. We are contacting another platform provider to address these vulnerabilities and, as always, are working hard to stay ahead of the attack.”

Google also recently published a blog post warning users of holiday season scams, and the fake giveaway was at the top of the list.

“Got an offer that looks too good to be true? Think twice before clicking on any links,” wrote Nelson Bradley, manager of Google Workspace Trust and Safety.

Google also noted that it blocks 15 billion spam emails every day, which it believes represents 99.9% of spam, phishing, and malicious emails that are sent to its users. Bradley wrote that the number of malicious emails has increased by 10 percent in the past two weeks. To be honest, I think there are more Kohl’s fake emails in my spam filter than in my inbox.

The spokesperson added that Gmail users can use its “report spam” tool, which helps Google better detect and prevent future spam attacks. Also, the typical advice on how to avoid phishing still applies. Check the sender’s email address and the URL the email links to. Do not share your personal information, especially account passwords or credit card numbers. Take a few seconds to think about why Kohl’s would just happen to give you a Le Creuset pan and Dick’s would give you a Yeti cooler worth hundreds of dollars just for answering a few basic survey questions. The answer is that they won’t.

You can also just spend your Black Friday buying real items from real stores (or their real websites) and give your credit card details to real employees. Good luck there; a Google spokesperson said the company expects the scam campaign to “continue at high speed throughout the holiday season.” So this will almost certainly continue even after Black Friday ends.
