Security researchers have detected a new spam campaign that’s brandjacking Groupon.
The messages look like legit marketing emails from the company, urging the recipient to sign up for the site’s Daily Alerts service. The sign up link included leads to a malicious site that tests the user’s system for various exploits and downloads malware. A previous version of the campaign included an attachment called “GiftCoupon.exe” but presumably the scammers behind it quickly realized that just about everyone knows better than to open an .exe file sent to you via email, and that no legit company would ever send an attachment like that. The scammers apparently took the time to learn how such services worked and tried again.
Amazon’s competing service, Amazon Local Deals, has also been similarly exploited, but those emails were much less legit looking. It’s not surprising that spammers and scammers have begun exploiting these services as they’ve exploded in popularity and there are always going to be people whose excitement over an almost too-good-to-be-true deal will outweigh their common sense. Spammers may also be hoping to cash in on the flood of holiday shoppers that will soon be scouring the net for deals when the shopping season begins next week.
Worldwide, spam accounts for 71.5% of all email and 3.9% of all spam sent is malicious. That figure has risen over the past quarter and is expected to continue to do so with the holiday season arriving. While overall spam levels are continuing to level off and slowly fall, malicious spam and targeted phishing attacks are seeing increasing popularity with cybercriminals.