A Dispatch

March 02, 2005

Subject Field Deception

One of the major spammer tricks that the U.S. CAN-SPAM law aims to eliminate is the deceptive Subject: line that lures unsuspecting recipients to open the message. It's the primary tactic that a spammer (and scammer and virus writer) uses to achieve the second of his three dearest wishes (itemized on page 134 of Spam Wars).

The more spam and other garbage that an email user has received over time, the more suspicious that user typically is. Being burned by the deception hundreds or thousands of times over the years makes one (I hope) more likely to smell a rat.

When scanning through my list of unread incoming mail, I focus first on the column that shows the From: field information of those messages. When I encounter a sender I don't recognize, my suspicions ratchet up a notch, and I next look at the Subject: column for that message. (Even a message "from" a sender you recognize is not always safe, as I detail in the book.)

Interpreting a message by its Subject: line is a skill that you learn over time. When the liars are really out to get you, their Subject: lines can raise enough doubt that you might be drawn to open the message.

Here's one I saw this morning. The From: column reads "Kimberly L," a name I did not recognize. The Subject: column reads "March Water Bill." The sender in this case wants me to think that Kimberly works for the local water utility, and that this message has something to do with billing.

This is precisely the juncture at which you need to exercise those "little grey cells" to think this through. The likelihood of my local water utility having my email address is extremely remote. While it's true that they could conceivably use a service (called email appending) that tries to correlate physical and email addresses, it's not foolproof, and they would have no way of knowing without further confirmation that they had the right email address for one of their customers. Further, experience tells me that the more ominous (or strident) a message sounds (like the eBay phishers who warn about impending account closure), the more suspicious I become.

The (non-Spam-Wars-reading) email user who doesn't get a lot of spam or is an email newbie would likely be fooled by this message's deception. To the unwary eye, it looks like a notification from the water company. But this is precisely the email user who needs to learn what kinds of deceptions are being used and how to inspect a message safely before opening it (for ham) or deleting it (for spam).

As for "Kimberly," she's a medz spammer. Surprise, surprise (yawn).

