Spammers, threat actors who send irrelevant or unsolicited messages over the internet to large numbers of users to spread malware, strike again! This time, they are exploiting affiliate programs to advertise online casinos such as Ducky Luck, Raging Bull Casino, Sports and Casino, using deceptive emails.
Multiple important online casinos use an affiliate program that enables other sites or influencers to advertise their merchandise and receive payment for everyone who registers an account.
To transfer users, the affiliates will design specially crafted URLs that include an affiliates ID or release a cookie that enables the casino to give them credit every time a referral signs up for a new account.
According to BleepingComputer, an online spam operation organized by affiliates of online casinos is flooding users with bogus emails announcing they won the ‘Grand Prize,’ that a large cash payout is ready, or that the recipient needs to confirm their account.
Even if the free email service provided by Google Gmail did a great job marking these types of emails as spam, there is a possibility that other email services may not perform as well, allowing the spam to make it into the general mailbox.
Below you can see a spam email for Raging Bull Casino where they promise a $3,500 reward.
When clicking on the links, the user is redirected via another website that releases an affiliate cookie and then redirects them to the casino.
For instance, the redirection to Raging Bull Casino includes the affiliate ID (affid) in the URL so that the affiliate can get credit for the signup.
After you sign up for the account and happily wait for the payout they have promised, you’ll probably be surprised to find out there is no money waiting for you. The affiliate who sent you the email is the only one who’s making money in this case.
Email bombing is a form of cyberattack seen in many unrequested emails sent to your address. It can have negative outcomes for organizations by weakening their communications, but the impact is also problematic for individuals.
When receiving these types of emails, just mark them as spam so that your email provider’s spam filters will be able to recognize them next time.
Our Heimdal™ Email Security and Heimdal™ Email Fraud Prevention work in tandem with the Office 365 suite to increase protection in Outlook. By their powers combined, they form our Advanced Email Security module, which protects your enterprise against a variety of email-based threats, including spam, malware, phishing, DNS high jacking, CEO fraud, and other forms of BEC.
Heimdal® Email Security
- Completely secure your infrastructure against email-delivered threats;
- Deep content scanning for malicious attachments and links;
- Block Phishing and man-in-the-email attacks;
- Complete email-based reporting for compliance & auditing requirements;