May 13, 2014 witnessed the release of another posthumous compilation album of Michael Jackson recordings, named Xscape. This reworked collection of Jackson tracks was highly anticipated by music lovers, ever since its announcement in March, 2014. News of the album release has once again made Michael Jackson a hot topic and, unsurprisingly, spammers have been quick to exploit this.
This spam campaign uses a very simple email which is crafted to appear like personal mail. It uses Michael Jackson’s name and some of his song titles to create intriguing subject lines. The body of the email contains a link along with a generic comment. A name is used to sign the email message, as seen in Figure 1, in an effort to give the impression that an acquaintance has sent you an email with a link to the new Jackson album. The URL in the body of the email redirects to a fake pharmacy domain which promises cheap medicines without prescription.
The following are subject lines seen in this spam campaign:
- Subject: $ Planet Earth (Michael Jackson poem) $
- Subject: * List of songs recorded by Michael Jackson *
- Subject: * List of unreleased Michael Jackson songs *
- Subject: [ Hold My Hand (Michael Jackson and Akon song) ]
Figure 1. Example of Michael Jackson spam email
We expect more spam exploiting this news in the coming days and believe the possibility of such emails being phishing attempts or containing malware to be very strong.
Users are advised to adhere to the following best practices:
- Do not open emails from unknown senders
- Do not click on links in suspicious emails
- Never enter personal information on suspicious websites, as they may have been created for phishing purposes
- Keep your security software up-to-date to stay protected from phishing attacks and malware