Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Watch Out Chase Customers | Main | No Audit Trail = No Response »

February 17, 2006

Stifling Curiosity

Ask most everyday spam-besieged email users about the problem, and they'll likely tell you that they want "someone else" to fix it. That could be their Internet provider, their email client program maker, or some vague geeky entities out in the ether. In other words, they want others to do all the work to keep spam at bay, so that the users don't have to deal with it.

The irony is that if email users did less than they do with regard to spam, phishes, malware mailings, and the like, we'd be in better shape than we are.

My contention is that the spam economy is what keeps spamming (and everything related to it) alive and well. The spam economy (or, as I call it, the "spamonomy") is driven by the money and activities of recipients of such missives. Obviously, those who buy from spammers fuel one part of the spamonomy. But, as I expound at length in Spam Wars, seemingly innocent activity, such as opening messages that send Web beacons and clicking on spamvertiser links, also feeds the spam economy, even if you don't buy from spammers. Your verified-active email address is currency among spammers. Clicking a link that hits a Web site can be an income source for the spammer. Filling out a form with your demographic information in a phony survey, a purported sweepstakes entry, or a mortgage application is a huge income source for the spammer when that information gets sold to others.

Think of it this way: Any response you make to an unsolicited bulk email message contributes to the spamonomy.

Even if you believe you're onto spammers' tricks, it can be difficult to resist the curiosity that they play on. They supply just enough information in a message to get you to click on a link to lure you into your contribution to the spamonomy. Case in point: A message whose From: and Subject: lines read:

From: "Schmidt Ora"
Subject: Danny Goodman : Approval #18783-05

Then the message:

Hello Danny Goodman,

After a review of all your data, we are pleased to notify you of
your acceptance.

Secure site: http://[removed].com/3/?k=clmk2k5

Please submit your information on our webpage above

Waiting to hear from you,

Kinsella Nettie

Those who have been around the block a few times recognize this as a mortgage spam, but not every recipient would. (Not having visited the URL, I'm making a supposition.) But I'd wager that lots and lots of recipients click the link to find out what it's about. Ka-Ching.

Or how about the one that arrived earlier this week? In the list of waiting mail, it looks like this:

From: mail@best-postcard.com
Subject: You have received a postcard

Just opening this message in an email program (or Web browser) that has JavaScript enabled triggers a series of scripts that load hidden pages from at least three different servers (one in Russia, another in China), all using various obfuscation tricks to hide their true activities from non-techy eyes. You don't even have to click anything—just opening the message puts you and your computer in serious jeopardy. If your computer is hijacked, it becomes part of a bot-net, and your PC's processing cycles and broadband connection are leased out to spammers and virus writers around the world; all email addresses stored in various files throughout your computer are harvested for spammers to use; your financial logins and passwords may be snarfed from right under your fingertips. Your commission: $0.00. Less, actually, once you determine you've been Trojaned, and you have to get your machine cleaned.

It's a fact: It's hard to do less with spam/virm than you're already doing. Social engineering tricks peppering your inbox and instant messaging windows lure smart folks into doing things they know aren't good for them, yet plenty of recipients go right ahead and click away. Clamping down your curiosity about what's behind Door Number 2 is extremely difficult.

Until sufficient numbers of us adapt a healthy sense of suspicion about every piece of email or instant message we don't immediately recognize, we're doomed to keep feeding the spamonomy forever. Despite the help they've provided so far, all the filters and lawsuits in the world won't be enough. Enough bad stuff dribbles through—and enough recipients open, read, click on, and buy from these messages—to keep the spam economy flowing. The costs of sending the garbage is so low that even a teeny-tiny response is enough to make the effort pay. That's why the world's email users have to work extra hard to do less.

Learn how to open suspicious email safely, without exposing yourself to danger (like the postcard one described above). Become invisible to senders you don't want to hear from. When they can no longer make enough money to keep their efforts going, they'll turn their attentions elsewhere. Anywhere but our inboxes.

Posted on February 17, 2006 at 04:43 PM