13 December 2011

Evolution of Russian Phone Number Spam

Most of the Russian spam emails we usually encounter are about online advertising, product promotion, and training workshops. These spam emails are typically sent unsolicited from free or hijacked personal email accounts, offer no opt-out, and use randomized subjects to avoid being caught by spam filters. Despite the use of random subjects, we continue to observe spammers who list phone numbers in the email as the only available means of contact instead of direct URL links.

Here is an example of a recent Russian event promotion spam:

Here is the English translation:

Figure 1. Russian-language spam promotion

Look closely at the phone numbers at the bottom: some digits are written not as numerals but as letters. Spammers have replaced digits in the phone number with look-alike Russian/English characters, a technique for avoiding spam detection that we will look at below.

To begin, what follows are a few examples of how spammers have employed this method during the past few years. First, here is a simple set of contact phone numbers:

Then, spammers change the phone number by inserting some random symbols between the digits:

Eventually spammers become more sophisticated and begin to replace digits with look-alike Russian or English letters. Here is a list of characters that resemble digits in the Russian and English alphabets:
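A filter can undo both stages described above (inserted symbols and look-alike letters) before matching phone numbers. The following is an added example, not code from the original article; the look-alike table, separator rules, accepted number lengths and sample lines are assumptions constructed for illustration.

```python
import re

# Assumed look-alike table, constructed for this example (not the article's list).
LOOKALIKES = {
    "O": "0", "o": "0", "О": "0", "о": "0",  # Latin and Cyrillic O
    "l": "1", "I": "1",                      # Latin l and I
    "З": "3", "з": "3",                      # Cyrillic Ze
    "Ч": "4", "ч": "4",                      # Cyrillic Che
    "б": "6",                                # Cyrillic Be
    "B": "8", "В": "8",                      # Latin B and Cyrillic Ve
}
DIGITS = "0123456789"
PLAIN_SEPARATORS = set(" -()+.")             # punctuation normal in a phone number

_LA = "".join(LOOKALIKES)
# A group is a run of digits/look-alikes containing at least one real digit,
# so ordinary words made only of look-alike letters ("solo") are not swallowed.
# Limitation: a group replaced entirely by letters ends the run.
_GROUP = rf"(?=[{_LA}0-9]*[0-9])[{_LA}0-9]+"
_SEP = r"[^\w\n]{1,3}"                       # up to three symbols between groups
_RUN = re.compile(rf"(?<!\w)[+(]?{_GROUP}(?:{_SEP}{_GROUP})*(?!\w)")


def find_phone_numbers(text):
    """Return (raw, normalized_digits, obfuscated) for each phone-like run."""
    hits = []
    for m in _RUN.finditer(text):
        raw = m.group()
        digits = "".join(LOOKALIKES.get(c, c) for c in raw
                         if c in DIGITS or c in LOOKALIKES)
        if not 7 <= len(digits) <= 11:       # assumed local-to-full number length
            continue
        # Obfuscated: a look-alike letter, or a symbol not usual in phone numbers.
        obfuscated = any(c in LOOKALIKES or
                         (c not in DIGITS and c not in PLAIN_SEPARATORS)
                         for c in raw)
        hits.append((raw, digits, obfuscated))
    return hits


# Constructed sample lines (not taken from real spam).
SAMPLE = [
    "Tel: (495) 555-01-23",          # plain number
    "Tel: (4*9*5) 5~5~5 0*1 2~3",    # random symbols between digits
    "Tel: (495) 555-O1-2З",          # Latin O and Cyrillic Ze as digits
]
```

All three sample lines normalize to the same digit string, so a blocklist or reputation lookup keyed on the normalized number catches every variant, and the `obfuscated` flag is itself a useful spam signal.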

