Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Phishing, Malware and Survey Scam Campaign - 'Click Here To See Attached Photos'

Spam emails invite recipients to "Click here to see the attached photos", "Click here to see the attached video", "Click here to read this message" and other similar messages.

Brief Analysis
This is an ongoing spam campaign designed to steal Windows Live login details and/or trick users into participating in online survey scams or visit websites that harbour malware. The criminals use the stolen information to hijack Windows Live accounts and use them to send further scam and malware messages.

Bookmark and Share
Detailed analysis and references below example.

Last updated: 19th April 2012
First published: 19th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Subject: xoxo

Click here to see the attached video

Subject: woot

Click here to see the attached photos

Subject: oH!!

Click here to read this message

Detailed Analysis
For several months spam emails like the ones shown above have been hitting inboxes around the world. The emails arrive with a variety of brief and usually meaningless subject lines and contain only a hyperlink rendered in a large font.

The messages are part of an ongoing campaign that apparently has multiple criminal purposes. Many of the links open a fake login website designed to closely resemble a genuine Windows Live sign in page:

Windows Live Phishing Website

If recipients fall for this ruse and enter their login details, their Windows Live accounts are subsequently hijacked and used to blast out more of the same spam messages to people included on the account's contact list. After supplying their login details, some users will then be redirected to compromised websites that contain various types of malware. In other cases, they will instead be taken to a survey scam website that promises them the chance to win free products such as computer equipment in exchange for participating in various "surveys" or "offers".

Some of the "survey" pages ask users to provide personal information including name, address and contact details, ostensibly to allow them to go in the draw for a prize. Others invite them to download dubious toolbars, games or software. Still others will claim that users must provide their mobile phone number - thereby subscribing to absurdly expensive text messaging services - in order to get the results of a survey or go in the running for a prize.

Suvey scam subscription page

No matter how many offers or surveys they complete, or what services they subscribe to, victims will never receive their promised free gift or even a genuine competition entry. The scammers who create these bogus promotions will earn commissions via suspect affiliate marketing schemes each and every time a victim completes an offer or participates in a survey. Victims may also be faced with large phone bills for unwanted mobile phone services and, because they have provided name and contact details, they may be inundated with unwanted promotional emails, phone calls and junk mail.

Subject lines in these scam emails vary considerably. The text of the malicious links in the emails also varies and may be different than the examples included here. Some versions of the scam emails seem to bypass the initial phishing scam page and go directly to the malware or survey scam websites. The malicious links also incorporate the email address of the account receiving the scam messages. This means that clicking the links can not only open a scam website, but can also "verify" the email address as valid thereby leading to further increases in email spam.

If you receive one of these messages, do not click on the link it contains. Simply delete it.

Bookmark and Share References
Windows LIVE email and password theft
What is a Facebook Survey Scam? - Survey Scams Explained

Last updated: 19th April 2012
First published: 19th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer