The scam mails had the feel and look of an authentic message from one of the famous websites. These scam mails were sent in such a way that they looked reliable on the first view. Any new web user could easily be deceived by such mails if the user decided by its appearance. Further, appearances could be bogus and the hackers had taken advantage by creating fake mails of established sites.

Moreover, a perfect example occurred in the first week of July 2010 that supports the verdict of the researchers. Several spam mails urged the users to verify their Wikipedia accounts by clicking on a link that seemed to have come from the authentic Wikipedia site.

The spam mails contained texts like "Someone from the IP address 112.135.3.205 had registered the account 'iamjustsendingthisleter' with this e-mail address on the English Wikipedia", where the IP addresses matched with the spamming system (bot), and the so-called Wikipedia account was actually the spam recipient's mail account.

The security experts stated that as with HTML phishing mails, the links included in the mails seemed to take to the trusted service but on clicking, the users were taken to harmful sites that the hackers had infused with all kinds of dubious content like pill ads and harmful JavaScript code.

Because of the harmful nature of the spam mails, security experts advised users not to navigate to famous pages through links in unsolicited mails and should use previously bookmarked links to use websites individually. The experts state that many link previews in the status line of many mail programs or web browser do not offers assured safety as URL characters can be replaced with similar characters that look identical at the first glance.