AppRiver security researchers recently uncovered a new malicious spam campaign that delivers e-mails posing as notifications from Classmates.com.
"AppRiver provided a fake Classmates.com sample e-mail and we must admit that it’s almost perfect as far as the design goes," writes Softpedia's Eduard Kovacs. "Most of the logos and the text are in the right place, thanking users for joining the Classmates community and urging them to click on a link to verify their email addresses."
Those links, though, don't lead to Classmates.com.
"The compromised domains are part of the Blackhole Exploit Kit, a piece of malware that allows cybercriminals to build their own botnet," writes SecurityNewsDaily's Matt Liebowitz. "The security firm Trend Micro spotted a host of other organizations currently being spoofed by Blackhole scammers, including Bank of America, Verizon, PayPal, AT&T, Citibank, Ticketmaster, and -- not surprising, given its recent password breach -- LinkedIn."