
April 26, 2011

Another Spam Cost

I saw a Trojan-attached email message this morning falsely claiming to have originated from Bobijou, Inc., a purveyor of pearl jewelry. Just so it gets picked up by search engines, here is the full text (typos left intact):

From: Bobijou Inc
Subject: Successfull Order 394311

Thank you for ordering from Bobijou Inc.

This message is to inform you that your order has been received and is currently being processed.

Your order reference is 271790.
You will need this in all correspondence.

This receipt is NOT proof of purchase.
We will send a printed invoice by mail to your billing address.

You have chosen to pay by credit card.
Your card will be charged for the amount of 925.00 USD and "Bobijou Inc." will appear next to the charge on your statement.

You will receive a separate email confirming your order has been despatched.

Your purchase and delivery information appears below in attached file.

Thanks again for shopping at Bobijou Inc.

The attachment is a tiny (9.68 KB) file named Order details.zip. Of course it's a Trojan, and the threat of being billed $925.00 will cause plenty of recipients to blindly open the attachment. If they have up-to-date antivirus software installed, they'll probably be protected, but even with such protection, I would never attempt to open the attachment.

With a little digging, I discovered that Bobijou was the victim of a similar attack in early March 2011. According to the company's official Facebook page, the previous spamming campaign caused over 7000 people to contact the company to ask, essentially, "WTF?". Imagine having to respond politely to 7000 extra emails from current or potential customers (some of whom are probably really pissed off). How much would that cost you or your company?

Scams utilizing email "order confirmations" for expensive merchandise you never ordered go back many, many years. The goal of the sender is to trick the recipient into getting in a huff and following directions to investigate the order. In the meantime, the abused brand is saddled with a huge support nightmare caused by some anonymous asshole.
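The quoted message shows three traits a mail filter or triage script can check without ever opening the attachment: order-confirmation wording that names a card charge, an archive attachment, and an order number in the subject (394311) that does not match the reference in the body (271790). The following is an added example, not code from this blog; the sender address, the placeholder ZIP bytes, the regular expressions and the function names are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXT = (".zip", ".rar", ".7z")            # assumed list of archive types
ORDER_WORDS = re.compile(r"\b(order|invoice|receipt)\b", re.I)
CHARGE = re.compile(r"\b\d[\d,]*\.\d{2}\s*(USD|EUR|GBP)\b")
REF = re.compile(r"\b\d{5,}\b")                  # long digit runs = order numbers

def build_sample():
    """Constructed message modelled on the one quoted above (placeholder ZIP bytes)."""
    m = EmailMessage()
    m["From"] = "Bobijou Inc <orders@example.invalid>"
    m["Subject"] = "Successfull Order 394311"
    m.set_content(
        "Your order reference is 271790.\n"
        "Your card will be charged for the amount of 925.00 USD.\n"
        "Your purchase and delivery information appears below in attached file.\n")
    m.add_attachment(b"PK\x03\x04placeholder", maintype="application",
                     subtype="zip", filename="Order details.zip")
    return m.as_bytes()

def triage(raw):
    """Return the lure indicators found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = msg["Subject"] or ""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    hits = []
    if ORDER_WORDS.search(subject) and CHARGE.search(body):
        hits.append("order-confirmation text naming a card charge")
    # Only attachment names are inspected; the payload is never decoded or opened.
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    if any(n.lower().endswith(ARCHIVE_EXT) for n in names):
        hits.append("archive attachment")
    subj_refs, body_refs = set(REF.findall(subject)), set(REF.findall(body))
    if subj_refs and body_refs and not (subj_refs & body_refs):
        hits.append("order number in subject does not match body reference")
    return hits

if __name__ == "__main__":
    for hit in triage(build_sample()):
        print("flag:", hit)
```

Any single indicator is weak on its own, since legitimate receipts also mention orders and charges; the combination is what makes a message worth quarantining for review.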

Posted on April 26, 2011 at 10:19 AM