Category: Spam

Posted on
by

Interesting spam/phish technique: Look for subdomains with CNAMEs or SPF records that point to abandoned domains that you can then register…and effectively take control of the subdomain or SPF.

They haven’t seen any cases where it’s been used to host a phishing site at, say, an msn.com subdomain, but they’ve seen thousands of cases where it’s been used to pass email verification checks.

The article describing “SubdoMailing” gives a detailed example of a spam that made use of an msn.com subdomain that was used for a sweepstakes way back in in 2001, with a CNAME pointing to the long-abandoned domain name for the contest, but the subdomain was never actually deleted.

Lesson: check your DNS for any dangling references to outside domains that might not exist anymore!

Posted on
by

Eventbrite has worked well for buying tickets to events I’ve attended…

But over the last few months I keep getting spam for events that are not only not remotely interesting, they aren’t anywhere NEAR me. Sorry, but I’m not hopping on a plane for a pub crawl on the other side of the continent or a 2-hour “gong bath experience” on the other side of the planet.

At first I thought they were bogus. But everything pointed to Eventbrite’s servers. I’ve been blocking the campaigns in Eventbrite as I get them, but at this point my account settings show 10 organizations I’ve blocked, even though I’ve theoretically unsubscribed from “all Eventbrite newsletters and updates for attendees.”

Of course searching online is useless, because (1) everything’s about how organizers can keep their messages from landing in spam folders, and (2) searching online in 2023 is more or less useless anyway. It’s the end result of years of SEO trying to get into the first page (now with generative AI to flood the zone with even more bullshit!) combined with Google and Bing giving up on trying to give relevant results when what they really care about is ad impressions — and no, DuckDuckGo results aren’t much better.

I haven’t bought tickets to an event that uses Eventbrite since 2019 (for obvious reasons). I’m thinking at this point I should just cancel my account [Update: I did], and the next time I want to go somewhere that uses them for tickets, I can open a new one. With a different address.

Posted on
by

We don’t have personal jet packs or flying cars, but we do have spam advertising remote-controlled robot birds that we can buy from shady online retailers to entertain our cats.

“My cat is obssessed with this pigeon-shaped drone” and so on…

Posted on
by

I’m not opposed to relevant guest posts on a topic-based blog, but when it’s obvious that they didn’t even look at the site and are just robo-spamming blogs that maybe matched a keyword or something…?

I mean, stuff like this:

“I read your article https://speedforce.org/2017/11/crisis-earth-x-conclusion-review/. Your readers might be interested in checking out our resources on machine learning and AI.”

Really?

I can’t imagine enough people would bite for them to get their link-backs and up their page rank, but then spam has always been a scattershot approach.

@mrennen@mastodon.social suggested that even if the technique isn’t effective anymore, spammers might be selling the “service” of getting linkbacks to gullible sites that want the exposure.

Could be. There always has been a strong overlap between spammers and scammers.

Posted on
by

I received a scam email claiming to be from the IMF, all about who to contact if you fell for an advance fee fraud scam claiming to be from the IMF. All you have to do to get your money back is send your info and $150 to Barrister so-and-so to set up an account, just contact this GMail address…

Posted on
by

I woke up to ten or so first-time comments* in the moderation queue at Speed Force this morning. As I started reading them I was briefly confused: they were well-written, specific comments about comic books….that had nothing to do with the posts they were attached to. Complaining about Bendis’ writing on an interview with Paul Ryan (the artist, not the politician). Gushing about an Ultra-Humanite figure on a review of a Flash comic. Tips on finding exclusive Aquaman figures on a Flash TV episode review.

Then I felt strangely nostalgic, because I hadn’t seen this sort of spam in a long time.

As near as I can tell, the spammer finds a related site, scrapes comments from it, and pastes them into the target site. To what end I’m not sure, because the comments all linked to Facebook profiles. Most comment spam seems to be about link generation to prop up a spamvertised site in search rankings. But sure enough, when I searched for phrases from the spammy comments, I found the originals on a Daredevil fan blog, an action figure site, an artist’s blog, and so on.

I’ve got to give the spammer a little credit for two things:

  1. Finding actual comics-related blogs to scrape comments from.
  2. Inserting typos to make it harder to match. Though Google’s pretty good at fixing those.

In the end, though…

*plonk!*

*I have WordPress set up so that first-time commenters always go through moderation, while returning commenters are allowed through unless they trips a filter.