46

I've received a spam from one of my friends (well, I'm sure he didn't send it). So there's this link, and I'd thought what exactly would be the implications of clicking the link (I've not clicked it yet)?

Hendrik Brummermann
Pacerier
  • 5
    I'd just like to make it very clear that, unless the link can be verified as having come from a trusted source, you should *not* click it under any circumstance. The only people who *should* be clicking links in spam e-mails are those who are trained and armed to monitor and test the results, for research purposes. – Iszi May 09 '11 at 12:59

2 Answers

53

The common reasons for links in spam email are:

  • verification that your email address is valid and that it is read, which makes the email address more valuable for address brokers (the link needs to have some individual part; that can be a number, but it can also just be a unique word from the dictionary). This kind of link may be labeled "unsubscribe".
  • the link may point to a phishing site, pretending to be from a well-known company such as eBay, but just wanting to trick you into entering your username and password for that site (e. g. "your account needs to be verified"). Please note two things: In HTML emails the displayed link text and the actual link target can be distinct. There are some special characters that look like normal ones.
  • the link may point to a website which tries to exploit your browser or plugins to get access to your computer, or trick you into manually executing malicious code (e. g. "get this video codec", "your computer is infected, get anti virus for free").
  • the spammer might want to get people to visit his or her website to advertise his products or opinions, manipulate polls, etc.

Uncommon:

  • the spammer may try to flood the target with lots of visitors. This is not effective as a distributed denial of service attack because the email is a lot larger than the data sent by the browser to the target server. Reflective DDoS usually uses DNS, where a small query with a faked sender address can result in a much larger reply to the target site. But it may be effective to exploit some pay per click advertisement programs.

More than one point may be true.

Hendrik Brummermann
  • 6
    Also, revealing the client's IP address is also a valid reason for someone to provide links to external sites. – Dog eat cat world Aug 17 '11 at 16:23
  • 2
    The first point can be achieved by opening an email alone (through a tracking image or such). – jahu Feb 16 '15 at 12:37
  • 1
    @jahu Which is why any decent email client doesn't automatically load images in HTML emails anymore. – Dan May 17 '16 at 13:06
  • Someone doesn't have to rely on the Slashdot effect to flood a target through email. They can just put a link in the email to a webpage which makes rapid requests to the target using JavaScript. – forest Dec 19 '17 at 04:00
16

Just to expand on one item in @Hendrik's list, the exploitation item:

It is much easier to write an exploit which requires a user to click on something than to fully automate the attack from a position of no contact. All that link has to point at is an exploit for a vulnerability that isn't patched on the user's machine and the results could include things like a keylogger or rootkit being installed, the computer becoming part of a botnet etc.

Rory Alsop