The Christmas-related modification to the large-scale spam campaign illustrates that holidays are often intentionally used by cybercriminals to rejuvenate and lengthen their otherwise ordinary spam campaigns.
This spam campaign previously centered around dubious offers providing unbelievable deals on numerous products. It also notified recipients that they had allegedly won a prize and asked them to answer a few questions and provide a physical address. Those who responded unknowingly signed up for costly newsletters or services.
After 90 days, the cyber crooks simply altered their social engineering to focus on Christmas by soliciting orders for "the perfect gift for any child" – a letter from Santa postmarked from the North Pole.
The revised approach is a clear example of how these criminals repurpose an existing spam campaign by maximizing the power of time-sensitive social engineering – sadly, an incredibly efficient tactic.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.