Spammers Try to Entice Unemployed Affected by the Health Care Crisis

by

With all the talk about Health Care reform in the White House due to a rise in unemployment and a lack of access to affordable health care, it seems health insurance has become a hot topic in spam. The Commtouch Labs recently saw a very sophisticated spam message that included a bogus “Unsubscribe” page in order to a) bypass spam filters that check for US CAN-SPAM law compliance and b) trick even savvy email recipients who may be fooled, since the working unsubscribe link makes it look legitimate.

The email, touting low-cost alternatives to COBRA health coverage to folks who may have recently lost a job, probably wasn’t from a health insurance company, but rather a broker who sells leads to health insurance companies. Often companies (e.g. mortgage or insurance) will pay per lead, leading to various illegitimate practices to gather peoples’ contact information.

One example looks like this:

COBRA health insurance alternatives

CAN-SPAM laws require that commercial emails include a method of unsubscribing and a valid physical postal address of the sender. The example above includes two of both, so it leads me to wonder if they’re just being OVERLY cautious or totally reckless…

For unassuming recipients who are annoyed by the email and decide they do not want future emails from this organization, a simple click on the “Unsubscribe” button brings them to a page that looks like this:

CAN-SPAM unsubscribe page

Totally unrelated to COBRA health insurance alternatives, right? Some spammers may build a fake “Unsubscribe” page like this in order to bypass CAN-SPAM laws; the “Unsubscribe” box is prominently placed at the bottom of the page. The rest of the text is copied and pasted a million times over throughout the Internet…various spammers recycling content to quickly build sites that look legitimate.

None of the links on this page worked, which further supports the idea that the spammers were simply working to bypass traditional spam filters. A human spam analyst may click through links in the email can come across this landing page that appears to have valid content on it. Without checking any of the links or realizing that the content is cut and pasted from a million other sources, the analyst may mistakenly give the email a passing grade.

Once this spam message ends up in someone’s inbox, and they don’t care to unsubscribe but would rather try to get more information about this offer, a simple click on the image brings them to the COBRA health insurance alternatives landing page.

Sneaky guys…

COBRA alternative landing page

Go back