Monday, June 20, 2011

The Last Horcrux Brings More Spam

Harry Potter and the Deathly Hallows - Part 2 is the last movie of Harry Potter novel series and is being released globally on July 15. The movie has another few weeks before it appears in theaters and it has already become a hot topic for spammers. Symantec reported similar spam activity previously for Part-1 in the blog Harry Potter and The Deadly Hallows of Spam.

In the spam sample below related to the new release, spammers are offering free tickets to Part 2. The message says the offer is valid only in the U.S. and that there are limited supplies of the tickets. The email header shows an example of header spoofing, whereby the email purports to originate from the official Harry Potter site. “From: "Movie Tickets" resolves to “harrypottermovie@removed_address”

Harry Potter scam email

Figure 1. Harry Potter scam email

In the past, Symantec has observed spam promoting the Harry Potter novels and accessories at discounted rates, as well as 419 and online pharmacy scams invoking Harry Potter (see this blog, for example). The goal of these spam campaigns is to harvest personal and financial information.
Because Harry Potter fans are excited to find out what will happen in the final installment, we expect that spammers will continue to distribute more and more Harry Potter spam leading up to the final film's release since this is their last great chance to exploit the Harry Potter magic.

By: Samir Patil