The cover for Vanity Fair’s July 2015 print issue was publicized on the Vanity Fair website June 1, and revealed the newly transformed, Caitlyn Jenner. The cover photo went viral reaching over 46 million people across Vanity Fair’s website and social media – with the internet virtually exploding. Jenner even beat President Obama’s record for reaching 1 million Twitter followers in just under five hours.
With Jenner’s name in the headlines this week, it’s no surprise that spammers have jumped on the opportunity to try and use her likeliness to trick users into visiting sites to push beauty products in hopes to gain monetary value.
So far, we’ve seen over 100K samples and variants of spam emails using Caitlyn Jenner as the lure to get people to click on compromised links. The emails all have different subject lines, but include the same content in the email body. The spam appears to be coming from possible compromised machines, most of which trace back to IP addresses in the United States.
Figure 1 below is an example of the emails that are being sent out in large quantities, hoping to entice users into clicking on spammy links. The embedded links in the email titled “Caitlyn swears she just used this” and “Here is what went down” redirects users to the following website –
http://www.goodbodyhealthtips.org/index.php?aff_sub=1394&aff_sub2=190076&aff_sub3=1021342e9d6b955d9a9c66e5ed3293 (labeled “wrinkle miracle”) – that pushes an anti-aging facial cream to prevent wrinkles, revealed by Dr. Oz called Dermakin Anti-Aging Cream.
As shown in Figure 2 below, once on the page, the user will see the headline “Revealed by Dr. Oz! Jen’s Closely Guarded Secret For A Wrinkle Free Face” that is said to be featured in Yahoo!, Woman’s Day, VANITY FAIR, TIME, People and Aol.
Figure 3 below shows that while on the page, the user will see “before” and “after” photos of stars like Ellen DeGeneres, Katie Couric, Goldie Hawn and Barbara Streisand who have allegedly used the wrinkle cream.
At the bottom of the page (see Figure 4), there is a “limited time offer for readers” and an expiration date of June 3, 2015. The spammer’s hope is that the recipient will click on the prompt titled “Click Here to Get a Bottle of Dermakin Anti-Aging Cream” to purchase the product, sharing sensitive information in the process.
Below this ‘special offer’ the spammers have posted fake Facebook comments to make the product appear even more real, (see Figure 6).
The above tricks used by spammers to fool unsuspecting consumers are not new. We’ve recently seen the likes of Dr. Oz and Rachael Ray being used to promote a weight loss pill that promises to melt fat away – https://barracudalabs.com/2015/05/the-big-business-of-spam-dr-ozs-brand-new-trick-to-shed-27-pounds-in-just-one-month/.
Unfortunately, this is another example of how scammers are building a big business around the use of various spam techniques. As a natural rule of thumb, it’s probably best to keep in mind, that if it sounds too good to be true, it most likely is. Users are protected against this type of email spam with Barracuda Spam Firewall and Barracuda Email Security Service. For more in this Barracuda Labs blog series, The Big Business of Spam, please visit:
For more education on how to keep safe from these types of emails, please visit: Barracuda Central
Additional blogs around the topic –