Groupon Brandjacked in New Spam Campaign


Security researchers have detected a new spam campaign that’s brandjacking Groupon.

The messages look like legit marketing emails from the company, urging the recipient to sign up for the site’s Daily Alerts service. The sign up link included leads to a malicious site that tests the user’s system for various exploits and downloads malware. A previous version of the campaign included an attachment called “GiftCoupon.exe” but presumably the scammers behind it quickly realized that just about everyone knows better than to open an .exe file sent to you via email, and that no legit company would ever send an attachment like that. The scammers apparently took the time to learn how such services worked and tried again.

Amazon’s competing service, Amazon Local Deals, has also been similarly exploited, but those emails were much less legit looking. It’s not surprising that spammers and scammers have begun exploiting these services as they’ve exploded in popularity and there are always going to be people whose excitement over an almost too-good-to-be-true deal will outweigh their common sense. Spammers may also be hoping to cash in on the flood of holiday shoppers that will soon be scouring the net for deals when the shopping season begins next week.

Worldwide, spam accounts for 71.5% of all email and 3.9% of all spam sent is malicious. That figure has risen over the past quarter and is expected to continue to do so with the holiday season arriving. While overall spam levels are continuing to level off and slowly fall, malicious spam and targeted phishing attacks are seeing increasing popularity with cybercriminals.

Written by Sue Walsh


  1. Alexander Thicke · November 17, 2012

    I would like to thank the writer for bringing this up. I know a lot of people are currently using Groupon, and a number of them may still not be aware of this latest scam. But let me tell you, though, that Groupon has been a mess for a long time now, and I know that sometimes they have this “I don’t care” attitude. I’m not really sure if they’re going to share this news soon to their loyal customers, though I certainly hope they would as this blog surely cannot reach everyone. They certainly need some kind of protection.

  2. Kim Parker · November 19, 2012

    This “GiftCoupon.exe” thing made me laugh. These guys must be real amateurs to use it. The next best thing would have been “Virus.exe” or something along that line. I’m not using Groupon and I don’t know if they have the habit of regularly mailing their subscribers but if they do, this might be bad because when you know you are getting tons of emails from Groupon, you just don’t pay attention to one more email that is malicious though.

  3. Elliott Thompson · November 20, 2012

    Well, it’s the season. We have Black Friday, Thanksgiving, Christmas, and New Year. Wait, you can even count Valentine’s because honestly it’s only a few months away. So there are plenty of reasons for people to shop and for phishers to take advantage of such behavior. With so many problems Groupon is facing today, however, I’m not too sure if they still have the time to entertain this. Simply put, the only ideal way for people to watch out is to share this page (which I already did). Anyway, I hope all scammers and spammers die because they’re simply making our lives miserable.

Leave A Reply