The Many Faces of Clickbait
Malicious clickbait comes in so many different varieties! Over the 6+ years that we’ve been educating netizens about it, we’ve illustrated many hundreds of examples. Most take the form of familiar products and services, luring us into a false sense of safety by showing a product or service that we recognize, like the Terminix email above. However, some of the malicious clickbait we see falls into an entirely different category: social engineering based on a human interaction! These little landmines are tossed, willy-nilly, via texts, into inboxes and through social media posts. Here are a few recent ones that deserve to see the shining light of day…
“Why are you sending me this kind of pictures?”
You’ll notice that this email, received by one of our readers, doesn’t contain any links at all. So how can it be malicious? It is actually the perfect social-engineering trick! It tricks people into confirming their email address and showing that they will open an email the sender sends. And if you respond “what are you talking about? I don’t know you and I never sent you anything,” you will VERY likely get a reply that says something like “yes, you did! I’ve attached a copy of the photos you sent me, see for yourself.” And you can be as certain as bear poop stinks that the attachment will be a malware trap.
It’s important to note that every blurred-out area in this email was the user’s email name, NOT her first name. This means that the malicious clickbait was created after criminals scraped her email address from some database and repeated it several times in the email.
“Latest news about textbot[.]eu”
“Milena” sent us an email that seems so innocent. She sent us a domain name that she thinks will interest us. Her email was sent on April 1, a notorious day for jokesters! And since that domain, textbot[.]eu, was registered in Germany on that same day, we decided to lunge for the delete key!
We know Meghan and we know that Meghan doesn’t have an email address on a server in Vietnam (“.vn” = 2-letter country code for Vietnam). However, what was very clever about this malicious clickbait was that the criminals wishing to do us harm included a copy of an email from Meghan’s REAL email address and a harmless link, so we might think the entire email was trustworthy! Sucuri.net had no problem finding the malware at the end of that top link on a server in the Northern Mariana Islands in the Pacific Ocean (“.mp” = 2-letter country code for the Northern Mariana Islands).
Speaking of international travel, we also got an email from Beth via a server in Japan. We know Beth and she doesn’t use such an email address. The link points to a server in Russia! We know how this story goes….
Finally, the many faces of malicious clickbait will often use names that sound legitimate or interesting but are misleading! Take this text (received in our email inbox) containing an email address named “Credit Score Update fviounw.” That clickable email address was actually a link pointing back to the oddball website km5tb2[.]com. Again, a simple WHOIS lookup tells us that this oddball domain was registered on the same day this text was sent. We know this story all too well!
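The two checks described above (link text that shows one address while the link goes somewhere else, and a link domain registered on or near the day the message was sent) can be automated. The following Python sketch is an added example, not part of the original article; the message, the `.example` domains and the WHOIS text are constructed, and the WHOIS record is supplied inline rather than looked up.

```python
import email.utils
import re
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message and WHOIS text; both are made up for this example.
RAW_EMAIL = """\
From: "Credit Score Update" <notice@sender.example>
Date: Tue, 02 Apr 2024 09:15:00 +0000

<p>Reply to <a href="http://newdomain.example/r?id=1">update@creditscore.example</a></p>
"""
WHOIS_TEXT = "Domain Name: NEWDOMAIN.EXAMPLE\nCreation Date: 2024-04-02T03:40:11Z\n"

class AnchorCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def whois_created(whois_text):  # field name varies by registry; this handles one form
    m = re.search(r"Creation Date:\s*(\S+)", whois_text, re.I)
    return datetime.fromisoformat(m.group(1).replace("Z", "+00:00")) if m else None

def check_message(raw_email, whois_text, max_age_days=7):
    msg = email.message_from_string(raw_email)
    sent = email.utils.parsedate_to_datetime(msg["Date"])
    created = whois_created(whois_text)  # assumed to be the WHOIS record of the link host
    parser = AnchorCollector()
    parser.feed(msg.get_payload())
    findings = []
    for href, text in parser.anchors:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"@([\w.-]+)", text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"text shows {shown.group(1)} but link goes to {host}")
        if created and (sent - created).days <= max_age_days:
            findings.append(f"{host} registered {(sent - created).days} day(s) before send")
    return findings
```

Calling `check_message(RAW_EMAIL, WHOIS_TEXT)` returns one finding for the mismatched link text and one for the same-day registration.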