Thanks to Vivek Krishnamurthi for contributing to this blog.
Every sensitive event is an opportunity to exploit, so it is not surprising to see spammers exploit 9/11. With the 10th anniversary of the tragedy just a day away, spammers want to make the most of this emotionally charged environment.
Here are two examples of scams that Symantec has noticed in recent days that attempt to exploit the emotional scars left by 9/11:
Figure 1: First email example exploiting 9/11
Figure 2: Second email example exploiting 9/11
The first sample tries to entice users to click a link in order to get more information about a new Justice Coin minted to commemorate the success of Operation Geronimo, in which Osama bin Laden was killed by Navy SEALs. The subject reads “September 11, 2001 remembrance.” The second sample is a survey scam that promises a $250 gift card for taking a "September 11 Survey."
Both examples are email harvesters that aim to check the validity of the recipient's email account (which would occur if the recipient clicked any of the links) and to extract more information from the victim. For example, a victim who fell for the scam and clicked a link might then offer further personal data in the survey or fill out the order form for the commemorative coin (figure 3).
Figure 3: Example of "order form" for commemorative 9/11 coin
Symantec advises users to be vigilant, especially if they are tempted to respond to unsolicited or anonymous emails related to 9/11. Don’t let scammers play with your emotions and entice you to become trapped in their net. Remember: updating antispam signatures regularly helps prevent personal information from being compromised.