Hospitality Spam Takes a New Ride

Hospitality is the friendly bonding between the guest and host, especially efforts to make the guest feel comfortable. Spammers exploit hospitality events, and the bond between guest and host, with fake promotional offers. We are currently observing an increase in spam messages which exploit hospitality offered by major events, festivals, and concerts. The spam messages invite users to watch the events at entertaining venues happening in different places. Hospitality spam tries to entice users with bogus offers such as the following:

  • Luxury items
  • Fine dining
  • Champagne
  • VIP parking
  • VIP hostess service
  • Gambling
  • Q&A with sports celebrities
  • Large plasma screens
     

image1_1.jpeg

Figure 1. British Grand Prix hospitality spam
 

image2_0.jpeg

Figure 2. Ashes Series hospitality spam
 

A variety of subject lines have been observed in the hospitality spam attacks, such as the following:

  • Subject: VIP HOY Show hospitality
  • Subject: Unique opportunity to present a trophy at top event
  • Subject: Ringside dining action at HOY 2013
  • Subject: Exclusive Equine ringside action
  • Subject: Champagne journey to bitter grudge match
  • Subject: Looking for an evening of champion sport?
  • Subject: A unique moment to talk with the legendary Murray
  • Subject: 2013 Festival of Speed
  • Subject: Exclusive Race Day Hospitality with Murray Walker
  • Subject: A unique moment to talk with the legendary Murray

The "From" address associated with these hospitality spam emails include the following:

  • From: F1 Deals <mail@[REMOVED]>
  • From: Grand Prix <mail@[REMOVED]>
  • From: The Festival of Motoring <mail@[REMOVED]>
  • From: German battle <mail@[REMOVED]>
  • From: Horse Show <mail@[REMOVED]>
  • From: Top Horse Events <mail@[REMOVED]>
  • From: How's that? <mail@[REMOVED]>
  • From: 2013 Race F1 <mail@[REMOVED]>

The main motive of these spam campaigns is to lure recipients by providing fake promotional offers and asking users to reply with questions about the event to the spam domain which is only registered for a year and hosted in the United Kingdom.

Symantec advises our readers to use caution when receiving unsolicited or unexpected emails. We are closely monitoring these spam attacks to ensure that users are kept up to date with information on the latest threats.