August 02, 2017
Preposterous Spam
If we can learn anything from the Internet in the past year or two, it's that fake news penetrates. The more preposterous the item, the more likely readers will not only read the story, but they'll retweet or share it to hundreds or thousands of other users, spreading outright lies left and right. Spammers have been employing these techniques for years.
Spammers have two main barriers to achieving their goals.
The first is strictly technical, to employ whatever tricks up their sleeves to get as much volume into recipient inboxes as possible. This means slipping messages past network, incoming mail server, and client software spam filtering.
The second barrier is human. It's actually a two-part road block. The first is to somehow entice the recipient to open the message, usually by way of clever or interesting-sounding Subject: and From: headers whose content appears in the inbox list of mail. Once a user has opened a message, the final human barrier is tricking the user into acting on the content, whether it be to open an attachment (usually malware) or click a link (to either a product offering or malware installer).
Some people might think that the human barrier, populated by non-artificial intelligence, would be the harder barrier to overcome. Although oceans full of spam are blocked every day before reaching inboxes, a sufficient amount manages to get through to keep the spammers going. And, as the attraction of fake news has proven, humans by and large are gullible targets for any kind of psychological online trick.
Consider these two Subject: lines from real spam received here at SpamWars HQ:
- Scandal ends Mark Zuckerbergs run at Facebook
- Ellens last day: The star quits her show
These blockbuster Subject: lines could have been ripped from supermarket tabloid headlines. All we need now is a report of Ellen DeGeneres giving birth to an ET's baby on a UFO.
As much as I would love it for recipients to ignore these kinds of blatantly fake Subject: lines, celebrity curiosity will lead the high 90s percent to open these messages.
What do recipients see upon opening?
Remember, having lured recipients this far, the spammer's final goal is to elicit action on the recipient's part. That means a click on any of the links. As the URLs of the unsubscribe links demonstrate, they lead only to the same place as the active links in the body. Those unsubscribe addresses and affiliations are as phony as a 3-dollar bill.
As revealed by rolling the cursor atop all of the links (or pressing and holding your finger on the links on a touchscreen — and then sliding your finger away without registering a touch), the URLs contain what could be a complex numeric string that could be linked to your email address. Clicking any one of those links could confirm your email address with the spammer as being valid, inviting additional spam in the future.
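The two link traits described above (unsubscribe links that go to the same place as the body links, and a long numeric string repeated across the URLs) can be checked without clicking anything. The following is an added example, not code from the original post; the sample HTML, the `example.invalid` host, the numeric token, and the 8-digit threshold are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: the host and the numeric token are made up.
SAMPLE_HTML = """
<html><body>
<a href="http://promo.example.invalid/c/8830021745519026/1">Read the full story</a>
<a href="http://promo.example.invalid/c/8830021745519026/2"><img src="x.png"></a>
<p>To stop receiving these emails
<a href="http://promo.example.invalid/u/8830021745519026">unsubscribe here</a></p>
</body></html>
"""

TOKEN_RE = re.compile(r"\d{8,}")  # assumed cut-off for a "long numeric string"

# Collects (href, visible text) for every <a> element in the message body.
class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyze_links(html):
    parser = LinkCollector()
    parser.feed(html)
    body_hosts, unsub_hosts, tokens = set(), set(), {}
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if not host:  # skip mailto: and relative links
            continue
        is_unsub = "unsubscribe" in text.lower() or "unsub" in href.lower()
        (unsub_hosts if is_unsub else body_hosts).add(host)
        for tok in TOKEN_RE.findall(parts.path + "?" + parts.query):
            tokens[tok] = tokens.get(tok, 0) + 1
    return {
        "unsubscribe_shares_body_host": bool(unsub_hosts & body_hosts),
        "shared_tokens": sorted(t for t, n in tokens.items() if n > 1),
        "link_count": len(parser.links),
    }
```

Calling `analyze_links(SAMPLE_HTML)` reports that the unsubscribe link shares a host with the body links and that one numeric token recurs in every URL, the pattern a mail filter or analyst can flag as a likely per-recipient tracking identifier.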
Occasionally, a spammer error can give someone like me a brief chuckle. Such was the case of this Subject: line:
- This will grow your cancel cells
Unfortunately, curiosity will kill your cat when you open the message to read this tabloidesque message:
You'd think a legitimate pitch would at least make up an affiliation for this supposed Senior Health Researcher. Where? In an RV in the New Mexico desert?
If you look closely at all three messages, despite the differences in page layouts, all of the bogus unsubscribe messages reference someone with the last name of Nieland. Three different first names. Three different locations/states. One is in a telephone answering business services building, the second in a rural home, and the third in an apartment complex. Capital B, capital S, times three. But they are related, and their source code and link structures bear enough similarities to imply a single source of a megaspammer.
We've seen them for decades before. And as long as humans fall for their tricks, we'll see them for decades in the future. [big sigh]
Update
No sooner did I publish this piece when two more spam messages from this campaign arrived, using the same fake news approach:
Posted on August 02, 2017 at 01:50 PM