Spammers tapping into social media sharing features says Trend Micro expert

According to Ferguson, he received an email on Sunday evening with a subject line 'NYTimes.com: Money for Social Science' and it turned out to be a story that a spammer had sent him from the New York Times website.

"Of course the spammer was not aware of my hidden passion for Social Science funding projects, he was simply trying out a new avenue to get his scam into my inbox", he said in his security blog.

Ferguson went on to say that the article sharing feature of the site allows the sender to specify their own message to go along with the story and notes that is where a 419 scam was linked with the email.

“Although this tactic means that the spam will be sent from an IP address that is unlikely to be blacklisted, and contain much content that is unlikely to set off a spam filter, it certainly doesn't add any credibility, to a 419 scam at least", he explained.

Trend Micro's security solutions architect went on to say that the technique could be engineered to look much more convincing.

Interestingly, Ferguson says that the abuse of the New York Times website happens in spite of the fact that users need to create an account in order to share stories by email.

"Perhaps websites offering this kind of functionality would do well to invest in technology to scan the content of their outbound emails in order to stomp on this sort of abuse", he said.

"If it becomes widespread they are very likely to find themselves blacklisted which would be a serious blow to their social media capabilities", he added.

What’s Hot on Infosecurity Magazine?