Within the last few days our research team could see a spam campaign from the US, offering coupons by fast food chains like Burger King (coupon â€œTHE KING CELEBRATES SPRING!â€), Kentucky Fried Chicken (subject: â€œKFC for Lunchâ€) and Walmart.
Burger King Mailing including the coupon â€œTHE KING CELEBRATES SPRING!â€
Fake KFC coupon
Fake Walmart offer: â€œFree $ 1,000 Gift Cardâ€
Hidden dummy text: Tour de France and World Cup Qualifying
At first sight all coupon mailings might seem genuine: They are well designed and the coupon details, like â€œValid for Customerâ€ and â€œOffer Dateâ€, individualized. But there is one fact that is evidence enough for spam: if you scroll down the email and mark the entire content â€“ you will discover the (before whitened) dummy text:
Whitened dummy text, KFC mailing.
The goal of these inserted texts is to avoid content-based spam filtering. In the KFC samples we found a whitened CNN news text, the Burger King mailing picked up different news and updates about soccer World Cup Qualifying as tweets.
Coupons from Micronesia, link farms and Geo-IP caching
Senders of these mailings are KFC@privatebusd.pw (KFC), BKBurger@outbusd.pw (Burger King) and Walmart@backjetc.pw (Walmart) â€“ which are certainly fake. .pw is the offical country code top-level domain for the Pacific island nation of Palau â€“ in Micronesia. There is also evidence of geo-IP caching: German users, for example, who try to access these domains (e.g. privatebusd.pw) are automatically forwardedto the German version of YouTube.
By clicking the digital coupon image, you will directly be led to a link farm. The goal of these link farms is to influence search engine results by placinmg as many links as possible to another Website. If additionally there is an affiliate tool used, spammers could even receive money for each click.
Following the digital coupon you will be lead to a link farm.
Other coupon mailings our research team discovered, like a special offer by Wendyâ€™s, led to fake competitions where you could win Apple products. But this is is actually just a phishing campaign, to collect customersâ€™ data â€“ and make money out of it.
Sorry for maybe disappointing you, but: there are no free chicken offers or giftcards and â€“ King doesnâ€™t celebrate spring!