No Image

How do you react if you receive an email with subject “Your file has been uploaded”?

A spam campaign sending emails from an “Auto ImageService” with the subject “Your file has been uploaded” is making its round on the Internet. The content of the email (see below) is very simple and advertises a link to a photo taken with a digital camera (DCIM stands for Digital Camera IMages) which was allegedly uploaded to some online image service. And now to my question: How do you react if you see such an email in your Inbox ?     I guess, most people would think: “What file? Oh, a photo? Hmm…” And here it goes: – You know that JPG is a photo. Do you have compromising photos on your computer ? Is it maybe one of those photos? Better quickly check it…Click. Btw, if you are in this situation, you may want to check this article: Tips to secure your photos (including those with you naked) – You don’t know that JPG is a photo. You react to “file uploaded” and you click.   Fortunately, at the moment when I checked this URL it was redirecting to a Russian website with online pharmacy. However, the target website at the first level of redirect was an obfuscated Javascript file that…

No Image

Facebook and Twitter Phishing (on first sight)

The source of the articles is in the Avira Techblog: Twitter Phishing (on first sight) Facebook Phishing (on first sight) Twitter Over the weekend our spam traps received a massive wave of emails looking like the one below: The emails seem to stem from “Twitter Support” ( and are addressed each to exactly one unique email address. The link in the email seems to be unique for each email sent, too. Quite an effort to make the email look more legitimate. The target link is always a compromised website holding an html page. Amazon: Bestsellers Electronics and Photo After clicking on the URL, a multiple stage redirection takes place. On some of these redirection websites, the intermediate page raises alerts because our engine detects encrypted content in JS. Finally comes the surprise: The target website at the end of the redirects is not a phishing website but a Canadian online pharmacy. For me personally this was a “Wow!” moment. Why did the spammers choose to send the emails as Twitter phishing? I think that the explanation is simple – they did it because nobody did it before. As usual, users of the Avira Premium Security Suite and the users of…

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.