Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Medz Spammer Abusing Reader's Digest | Main | Another Round of Bogus MS Outlook Updates »

October 07, 2009

419er Uses Google Docs To Spread Scam [Updated]

Oh, those wily 419ers. They'll find a way to abuse every possible free service on the intertubes. Why bother paying for a botnet to do the mailing when Google will do it for you for free?

A crook using the name Chai Poon supposedly from Singapore (I'm not buying any of it) wants me to help him grab millions from a dormant bank account previously owned by the late [person with the same last name as mine]. This angle — some rich guy with the same last name as the addressee died without known heirs — always cracks me up because the email message doesn't mention the addressee's name or name of the "deceased" anywhere in the body.

At the bottom of the email message was this odd (for 419 messages, that is) addendum:

I've invited you to fill out the form Cooperation Of Yours. To fill it out, visit: http://spreadsheets.google.com/viewform?formkey=[removed]

At the end of that google.com link is the following form (whose top part is identical to the email message):

Google Docs form built by 419er

I expected the form to be something for a potential victim to fill out, with fields like the ones outlined in the message. But nooo. It's just an empty form with placeholders. You may ask, "What gives?"

The only reason this crook is using Google Docs is so that he can use gmail to send his missive to recipients. Yes, the headers reveal that the true sending IP address belongs to gmail. I'm curious to know if recipients at gmail would automatically receive these messages because they were sent from a valid gmail account. If so, that's one way to improve deliverability.

And, just in case Google shuts down his gmail account (dutifully and honestly shown in the From: field), he wants victims to contact him via a completely different free email account.

You may note that the Report Abuse link in the Google Docs page has been visited. Due to the massive size of Google, however, I doubt that takedown action will be very swift.

Update 12October2009: Five days later, the Google Docs page is still alive. Despicable, Google.

Posted on October 07, 2009 at 04:09 PM