Select Page

Cyren Security Blog

Green Coffee Beans – An August Review on Spam Trends

Although spam levels are generally down, certain types of spam have increased their share of the spam pie. One category that has been on the increase is diet products, such as promotion for ‘green coffee beans’ that promise weight loss miracles. Since June 2013 these products have been highly prominent in spam.

Are diet products like these a general generating more interest on the Internet, and do spammers try to utilize this?

On the Lookout for Trends

Via Google Trends you can easily find out when certain keywords and topics have been searched frequently. Green coffee beans have been googled since April 2012 – and at a maximum in September 2012:


The graph shows that since the peak in September 2012 interest in green coffee beans declined (blue lines) – and the spammers (red lines) joined in to the “bean business” in June 2013. So this time, they are way behind Google Trends.

Job Offers and Abuse of German Companies’ Email Templates

At the beginning of the year, job offers were a very popular trend for spammers – but not in August 2013. CSL could only see two of these spam waves, with most of the emails sent from Belarusian IP addresses.

Another trend seen in Germany was the abuse of email templates from German companies where virus emails were sent out spoofing their name. In such cases, the whole email is copied and a virus attachment added, e.g. a PDF document which is named as a bill. The following email sample contains a fake booking confirmation and fake invoice in the name of an airline (airline direct):


If the recipient opens the attachment, no PDF document is opened – but malware is installed on his computer.

Countries of Origin in August

In August India is the number one spamming country (6.8 percent of spam amount) and Belarus reaches position number two (6.7 percent). Most virus emails in August originated from Italian IP addresses.

You might also like

LinkedIn Phish Kit

Scam Warning Back in January, LinkedIn posted a warning about connection requests from individuals impersonating employees of a legitimate organization. These requests come from newly created accounts. If someone accepts the request, the attackers will have more...