As we've said in recent posts, spam from south of the border often demonstrates a state of the art that eventually migrates to other parts of the world. Spammers there go the extra mile to generate excitement and click-through, and the latest phishing campaign to show up in our honeypots illustrates just that.
What could be more exciting than a 67% discount on an iPhone 5? Or a 63% discount on a Galaxy S4? Or 50% discounts on TVs and notebooks? Especially if it's from Groupon, where the deal might expire at any minute!
The HTML has been carefully copied from Groupon and looks just like the real thing.
Clicking any of the buttons pulls of an equally well-executed offer page advising you that this offer is “not to be missed.”
If you agree, you proceed to the payoff page where the phishers ask for every detail they need to steal your identity, right down to your CPF.
They even let you select the number of installments you can pay without accruing interest!
These emails are all the more compelling because they are expected. Groupon regularly sends offers to their subscribers. A Groupon in your inbox is nothing unusual.
What is unusual is the price, and canny netizens will stop short at the discount. Nobody offers 67% discounts on iPhones, not even uber-popular Groupon. Further examination shows that the offer is not actually presented from groupon.br, but from a domain called ofertadodia.org, which, while cleverly registered to resemble the words “offer of the day”, was only registered on 29 June 2013, barely days before the emails were sent.
The old advice is the best advice. If it's too good to be true, it probably is. Couple that with the new old advice – anything that shows up in your inbox should be treated with kid gloves.