Diwali “Festival of Lights” Encourages Spammers to Mask Known Spam Attacks

The Diwali “Festival of Lights” happens in October and is celebrated across India. During this time a large portion of the Indian population will be out shopping and looking for holiday deals. We have started noticing spam messages that offer discounts related to Diwali. Interestingly, spammers are sending the same Internet offers, but in the form of Diwali discounts.

For example, in the spam message selling a database CD of contacts (names, email addresses, ages, phone numbers), “Diwali” is inserted to make it enticing for recipients. As shown in the below sample message, recipients are offered a database CD of 57,000 Indian companies (SMEs).


We also monitored unsolicited offers that we think may ultimately lead to a compilation of opted-out email addresses for the spammers. Most of these spam messages draw email users with cash prizes or discounts. Users need to first register at the websites provided in the email, which is an obvious ploy by spammers to collect a database of email users.

This is similar to many other spam messages that encourage users to register and provide information such as email address, gender, date of birth, and mobile phone numbers. Spammers are also using social engineering techniques to try to convince users that the email source is an Indian person or a reputable Indian company. This database may be sold to other Internet marketers or used in future Internet surveys.


In other examples, we have seen recipients offered memberships to reputable holiday clubs. Since people tend to travel during the holidays, we found many URLs redirecting users to travel-related sites. These kinds of spam messages have been around for quite some time, but there may be rise in the messages with Diwali approaching in a few weeks.

Here, we would prefer that users are cautious when they register at unknown websites. Users may be exposing personal information to Internet scammers. Symantec advises users to not reveal personal information to unknown websites, or entertain email offers received from an unknown person.