Spammers are abusing the social media sharing functionality of popular web sites, to bypass spam filters.
I received an email this evening with the subject line “NYTimes.com: Money for Social Science”, turns out it was a story that a spammer had chosen to share with me from the New York Times web site. Of course the spammer was not aware of my hidden passion for Social Science funding projects, he was simply trying out a new avenue to get his scam into my inbox.
The article sharing functionality allows the sender to specify their own message to go along with the story and of course that was where the much more traditional 419 scam was to be found.
Although this tactic means that the Spam will be sent from an IP address that is unlikely to be blacklisted, and contain much content that is unlikely to set off a spam filter, it certainly doesn’t add any credibility, to a 419 scam at least.
That said though, if this technique were to be adopted by criminals seeking to spread socially engineered malicious links it could be made to look much more convincing. Interestingly this abuse of the New York Times web site happens in spite of the fact that users need to create an account in order to share stories by email.
Perhaps web sites offering this kind of functionality would do well to invest in technology to scan the content of their outbound emails in order to stomp on this sort of abuse. If it becomes widespread they are very likely to find themselves blacklisted which would be a serious blow to their social media capabilities