Spammers have combined typo squatting with auto-responders in a new spam campaign. Here’s how it works: A spammer registers an often misspelled domain, such as “yaoo.com”, and sets up email accounts there. When someone’s typo sends their email there, a fake auto-responder message is sent with a link to a spam site. Here’s the experience of an AP reporter:
An Associated Press reporter accidentally sent a message to a “verizonwireless.co” address instead of the proper “.com” and got this response, ostensibly from his contact “tom”:
“I am out of office right now on a my (sic) dream vacation and will get back to you when I return. If you don’t hear from me, my assistant should contact you shortly. You should check this site to see how I scored the best travel deal for my trip.”
The link led to a site that advertises luxury resorts.

While a lot of major sites have made it a habit to buy up all the possible misspelled versions of their domain and set them up as redirects to their actual site, there are still tons of sites out there a spammer could apply this new method to. It's not really all that slick, though. Most people know that auto-response messages don't generally contain advertising, and those that do would not contain pitches for sites or services completely unrelated to the company they are from.
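The typo can also be caught on the sender's side, before the message ever reaches the look-alike domain. The following is an added example, not code from the original post: it flags a recipient whose domain is one edit away from a domain the sender normally writes to. The `KNOWN_DOMAINS` list, the function names and the sample addresses are constructed for illustration.

```python
# Added example: warn when an outbound recipient's domain is a near-miss of a
# domain the sender normally writes to. KNOWN_DOMAINS is a constructed list.
KNOWN_DOMAINS = {"yahoo.com", "verizonwireless.com"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters typed in the wrong order count as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def likely_typo(address: str, known=KNOWN_DOMAINS, max_distance: int = 1):
    """Return the known domain that `address` probably meant, or None."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return None  # exact match: nothing to warn about
    for good in sorted(known):
        if osa_distance(domain, good) <= max_distance:
            return good
    return None  # unrelated domain, not a near-miss of anything known


if __name__ == "__main__":
    # Constructed sample recipients, including the two typos from the post.
    for rcpt in ["tom@verizonwireless.co", "a@yaoo.com",
                 "b@yahoo.com", "c@example.org"]:
        hit = likely_typo(rcpt)
        print(rcpt, "->", f"did you mean {hit}?" if hit else "ok")
```

A mail client or outbound gateway could run a check like this against the domains in the user's address book and ask for confirmation before sending.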
Do you think this new campaign will be effective? Why or why not? Leave a comment and let us know what you think.