Here’s another example of randomly-generated spam somehow being appropriate:
This morning I received an image-based stock spam. The sender’s name was listed as “eye gouging.” Yes, spam does sometimes make you want to gouge out your eyes (or perhaps the spammer’s). May I recommend the Grammar Spork™ (NSFW: language) for such cases?
I just spotted a rather disturbing phishing message in (of all places) our abuse contact mailbox:
Subject: Fraud Prevention Measures
Dear customer!
Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at 1-800-[removed] and update information on your MBNA card.
This is free of charge and would not affect any transactions with your card. Please note this is necessary to provide highest security level for all transactions with your card.
No HTML tricks. No links to fraudulent websites. Just a phone number.
I can only assume this is a response to high-profile inclusion of antiphishing features in Internet Explorer 7 and in Firefox 2. If there’s no website, there’s nothing for a web browser to check.
And of course by not using sneaky technical tricks in the message, it’s harder for tools like ClamAV, spam filters, or mail clients to detect.
Incidentally, does anyone else find it ironic that one of the most common phishing techniques is to exploit people’s fear of being phished?
Further reading: Anti-Phishing Working Group.
I’ve noticed a new subset of blog spam over the past few months: Jokes. Instead of just filling the comment with links to the spamvertized site, it’ll either leave the the link in the author URL field, or toss a couple links in at the end, but the bulk of the comment will actually be a joke.
Generally they tend to be story-type jokes, the kind you’ll find on, say, Jumbo Joke. This is probably an effort to build up enough comedic content to overwhelm the presence of links to a porn or pillz site. A similar technique had a brief heyday maybe a year ago in email spam, though I haven’t seem many of them lately.
It’s still spam—there’s no way I’m letting those comments and links onto the site—and Spam Karma still catches them. Still, it at least makes the spamtraps a little more interesting than the endless morass of links and keywords.
On another note, I’ve been seeing a lot more email spam targeting the abuse contacts lately. I don’t know what they think they’re accomplishing, since the people reading abuse@wherever are most likely to report them and least likely to buy from them. I mean, “Greetings Abuse!!!” doesn’t seem an effective way to begin a sales pitch.
Some funny spam subjects that have popped up in my inbox or in the server’s spam traps recently:
Brought to you by the Department of Word Salad. (I really ought to draw up a guest strip for Spamusement with one of these.)
In the past two weeks, a new variant of the advance fee scam has dropped into our spam traps: supposed UK-based artists needing help selling their works overseas.
The classic Nigerian scam involves someone claiming to be the relative of a deceased or deposed dictator, general, etc. is trying to smuggle money out of the country and needs to borrow your bank account to do it.
It’s usually a third-world country, often one with political strife, so that the average westerner won’t be too suspicious of the level of corruption implied. You never see this scam claiming to come from, say, France, or Japan, because the process would set off too many alarm bells. Someone needing to transfer that much money would either do it through normal banking channels or through organized crime—not by firing off an email to some random citizen in a foreign country.
The first-world variation, at least up until now, has been the “International Lottery” scam. In this variation you get a winning notice, but of course you need to pay them before they can send you the money, etc. This one generally claims to be based in Europe, often several countries in one message. The idea of a lottery seems much more plausible in the first world.
Someone has come up with a way to bring the 419 scam into the first world. The two samples I’ve seen so far both involve UK-based artists trying to sell their works in the US. The premise is that their customers want to pay by some method that is “difficult to cash” in the UK, so they want you, a US resident, to accept the travelers’ checks, or money orders, then wire them the amount minus a 10% commission.
Right.
I’m seriously waiting for someone to offer a commission on the Brooklyn Bridge.
The setting has changed—instead of a dictator’s widow who has hidden away ill-gotten gains in “darkest Africa,” it’s a happy Londoner living with his or her “two kids” and “the love of [their] life” and selling art on the international market. All shiny, happy and yuppie (with just a hint of bohemian). But the script is the same: Someone wants to clear huge amounts of money through your bank account.
I was going to post some quotes, but as I started looking at them, the similarities really go through the entire message. Continue reading
