Spammers have begun sending email notifications from reputable services such as Dropbox and Google+ to push users to sites with affiliate payout programs.
According to research from Symantec, scammers are taking advantage of notification functionality in order to evade spam filters as the message usually contains text along with links, with them originating from a Dropbox email address makes it more likely to bypass spam filters.
“Most of the links we encountered used Google’s short URL service, goog.gl, while some were direct links to landing pages created by the scammers themselves,” the research said. Often the messages contained text aiming to lure the user into the
Also, spam messages used Google+ notifications which originated from rogue accounts which are used to create a public post that includes a photo album of pictures of women that have been posted elsewhere on the internet. This public post is then shared with other Google+ users in order to reach their inboxes.
Satnam Narang, senior security response manager at Symantec, said: “We shared these scams with Dropbox to help combat the issue, and they informed us that they are aware of the issue and actively monitor Dropbox for evidence of abuse in an effort to detect and prevent this activity.
“Additionally, The Dropbox abuse team confirmed that they investigated and implemented countermeasures to mitigate the spammers, including quickly shutting down their accounts.”