Please NOTE that these emails place cookies on YOUR computer, the aim of these cookies are to track your browsing on the web.
As this data is being Harvested, for example a number of Talktalk Users are browsing say "Boots" then this is the scammers target, lets say "Argos" is also has a high number of Talktalk browsers then this might be the next target.
Here is an example of the Argos one
Domains | IP Address |
nosotroda.com | 188.114.97.2 |
fonts.googleapis.com | 216.58.201.106 |
ka-f.fontawesome.com | 172.64.204.20 |
fonts.gstatic.com | 142.250.200.35 |
publiciqe.win | 45.87.222.98 |
businesstechevent.com | 78.137.168.189 |
excelhey.bid | 94.156.33.241 |
janiecera.com | 146.19.173.232 |
clcr.me | 34.86.13.18 |
kit.fontawesome.com | 104.18.40.68 |
virtualpushplatform.com | 172.67.177.88 |
The cookie found was CLCR, the domain link in the email businesstechevent.
If one was to use a redirect checker it identifies where these Domain names go, this is the picture that opens in your email, however, the other domain names (links) go elsewhere and plant their cookies.
You should either delete all the cookies in your browser before shutting down, WARNING, this may entail you entering passwords to sites you use a lot when you want to use them.
The alternative is to open up your browser and check the cookies on the list, one as an example that turns up is Doubleclick,
This cookie tells Doubleclick the time and date you saw an advert. It also shows:
userid: the unique ID number the cookie has given your browser
ad_id: the unique ID of the advert
ad_placement_id: the ID of where the advert was seen on the site
referral_url: what page you were on when you saw the advert
Because it records your IP address, Doubleclick can also make a good guess of your country and town/city, too.
I have deleted it and it returns so I block it on my computer, it has no access or data.
These cookies placed on your computer will tell the spammer your browsing history, what you have looked at, you should remove any cookies found that you are not sure of. The question being did you visit this site, NO, delete it, the spammer has gone away from using the first domain name as a cookie that is why there are other domain links.
The current torrent of spam email is of a format that the so called "spam filter" identifys as "Newsletters" and much to my annoyance there are free marketing sites e.g. mail-tester.com, that allow you to send your "newsletters" e.g. by email to them and they will test it to make sure it goes through the spam filters.
Having past the latest spam email through this test it passes 10/10, however there is a note as follows,
"The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your mailing list.
Your message does not contain a List-Unsubscribe header" and one would look to see if this could be incorporated in the "spam filter" to reject all "newsletters" that do not contain a "List-Unsubscribe header", obviously genuine newsletters do?
Regards
CanTheSpam
