Within the last few days our research team could see a spam campaign from the US, offering coupons by fast food chains like Burger King (coupon “THE KING CELEBRATES SPRING!â€), Kentucky Fried Chicken (subject: “KFC for Lunchâ€) and Walmart.
Hidden dummy text: Tour de France and World Cup Qualifying
At first sight all coupon mailings might seem genuine: They are well designed and the coupon details, like “Valid for Customer†and “Offer Dateâ€, individualized. But there is one fact that is evidence enough for spam: if you scroll down the email and mark the entire content – you will discover the (before whitened) dummy text:
The goal of these inserted texts is to avoid content-based spam filtering. In the KFC samples we found a whitened CNN news text, the Burger King mailing picked up different news and updates about soccer World Cup Qualifying as tweets.
Coupons from Micronesia, link farms and Geo-IP caching
Senders of these mailings are KFC@privatebusd.pw (KFC), BKBurger@outbusd.pw (Burger King) and Walmart@backjetc.pw (Walmart) – which are certainly fake. .pw is the offical country code top-level domain for the Pacific island nation of Palau – in Micronesia. There is also evidence of geo-IP caching: German users, for example, who try to access these domains (e.g. privatebusd.pw) are automatically forwardedto the German version of YouTube.
By clicking the digital coupon image, you will directly be led to a link farm. The goal of these link farms is to influence search engine results by placinmg as many links as possible to another Website. If additionally there is an affiliate tool used, spammers could even receive money for each click.
Other coupon mailings our research team discovered, like a special offer by Wendy’s, led to fake competitions where you could win Apple products. But this is is actually just a phishing campaign, to collect customers’ data – and make money out of it.
Sorry for maybe disappointing you, but: there are no free chicken offers or giftcards and – King doesn’t celebrate spring!