Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

09:30 AM

Mommy Guilt

Nothing says 'Happy Mother's Day' like a gift purchased from a spammer

5:30 PM -- Fun fact: There are at least 23 different dates used to celebrate Mother's Day around the world. But spammers, of course, are focused on the most populous one, the North American celebration. (That would be this Sunday, May 13. Ahem.)

Sophos today reported a spike in Mother's Day-related spam, pushing flowers, chocolate, fruit baskets, etc., to procrastinators who either forgot, or couldn't decide what to get Mom. Some of these messages are harmless, annoying sales pitches, but some of them will be malware-infested, too, with infected links and other goodies besides the candy they're hawking.

Advice from Sophos: "Don't buy and do not reply" to any unsolicited commercial email. At best, your purchase only encourages more spam, of course, and at worst, you could lose your credit card number.

Sophos is urging a boycott on responding to spam (nice try), even appealing to the guilt in every adult child: "Next time spammers offer you 'something for the weekend,' ask yourself whether your mom would approve." (That one hurt.)

The bigger question should go to the spammers and phishers: Just what would your mother think of her "baby" preying on other kids or husbands/fathers, desperate for last-minute gift ideas? I mean, didn't you guys have mommies, too?

(Heavy sigh, disapproving look.)

Just doing my part to stop spam.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Sophos plc

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 5/28/2020
    Stay-at-Home Orders Coincide With Massive DNS Surge
    Robert Lemos, Contributing Writer,  5/27/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-05-29
    There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
    PUBLISHED: 2020-05-29
    A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
    PUBLISHED: 2020-05-29
    All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
    PUBLISHED: 2020-05-29
    All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
    PUBLISHED: 2020-05-29
    All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.