The Yeti logo is seen on a cooler for sale at the company’s flagship store in Austin, Texas.
Sergio Flores | Bloomberg | Getty Images
Over the past few months, Americans have been receiving emails promising them a free Yeti backpack cooler from Dick’s Sporting Goods — a $325 value.
No, you haven’t won a new cooler.
These emails have gotten a lot of attention because they are sometimes able to evade sophisticated spam filters, like those built into Google‘s Gmail, but they are spam emails. They’re designed to get victims to provide their credit card numbers, which will be stolen.
The spam campaign is an example of how scammers are getting increasingly sophisticated at targeting consumers to give up their private information, said Or Katz, principal security researcher at Akamai, which recently published a look into how the recent spam campaign works.
While it’s unclear how exactly the emails get past spam filters, Katz said, this phishing campaign uses several sophisticated techniques, including IP filters, re-directs, and personalized links to evade layers of security software designed to mark phishing emails as harmful and prevent them from being delivered to users.
The campaign also uses a novel technique of embedding a hashtag, or a pound symbol, inside links to obscure their harmful nature, Katz said.
“This research is showing attackers creating techniques that enable them to make their campaigns much more effective, or even evade some detections,” Katz said. “And at the…
