Danny answers your "Spam Wars" questions.
Spam Wars Q & A
Q. Subject is Message is Subject
A.

I saw a couple of 419 (advance fee scam) messages come through today whose entire message is contained in the Subject: header. There is only an empty body below the headers. This isn't a mistake on the part of the scammer, but rather a quick way to get the message across without needing the user to open the message...well, almost. Email clients tend to show only a limited number of characters in the Subject: field listing of an inbox.

The message I show here was sent through some poor AOL mail user's hijacked PC (I "x" out some possibly identifying info):

From: "Federal Reserve"<Flykidxxxx@aol.com>
Subject: I KNOW YOU MUST HAVE WAITED FOR THE PAYMENT OF YOUR FUND OF US$10.5M. NOTE THAT BANK OF AMERICA HAS RECEIVED DIRECTIVES TO WIRE YOUR FUND INTO YOUR ACCOUNT CONTACT ME FOR MORE DETAILS Please copy and paste this link and CLICK DOWNLOAD to view payment details (http://www.sendspace.com/file/rcm7vq)

Notice that the expected user action is in a SendSpace.com URL. SendSpace is a service that facilitates the transfer of very large files between people. It's a convenient, free place where anyone can upload any kind of file for others to download.

I don't mind showing the full URL here, because to its credit, SendSpace quickly removed the file. But both instances I saw today used a sendspace.com URL as the action destination. I expect to see more of that kind of thing.

Posted on February 20, 2012 at 07:30 PM
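
A mail filter can check for the pattern described in this post: the whole pitch in the Subject: header, above an empty body. The following is an added example, not code from the original post; the function names, the 150-character threshold and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s()<>\"]+", re.I)
LONG_SUBJECT = 150  # assumed threshold: well beyond what an inbox listing shows

def body_text(msg):
    """Join every non-attachment text part (plain or HTML) of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            try:
                chunks.append(part.get_content())
            except (LookupError, UnicodeError):  # unknown or broken charset
                chunks.append(part.get_payload(decode=True).decode("latin-1"))
    return "".join(chunks)

def subject_only_findings(raw):
    """Flag mail whose whole pitch sits in Subject: above an empty body."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default unfolds and decodes
    urls = URL_RE.findall(subject)
    # Treat markup-only or whitespace-only bodies as empty.
    empty = not re.sub(r"<[^>]+>|&nbsp;|\s", "", body_text(msg))
    return {"empty_body": empty, "subject_len": len(subject),
            "subject_urls": urls,
            "flag": empty and (bool(urls) or len(subject) > LONG_SUBJECT)}

# Constructed samples. SCAM reuses the headers quoted in the post (Subject:
# abbreviated and folded across lines, as it may arrive on the wire).
SCAM = (
    'From: "Federal Reserve"<Flykidxxxx@aol.com>\n'
    "Subject: I KNOW YOU MUST HAVE WAITED FOR THE PAYMENT OF YOUR FUND OF\n"
    " US$10.5M. CONTACT ME FOR MORE DETAILS Please copy and paste this link\n"
    " and CLICK DOWNLOAD to view payment details\n"
    " (http://www.sendspace.com/file/rcm7vq)\n"
    "\n"
)
NORMAL = "From: a@example.com\nSubject: Lunch?\n\nSee http://example.com/menu\n"

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("NORMAL", NORMAL)):
        print(name, subject_only_findings(raw))
```

The flag is a scoring signal rather than a verdict, since legitimate senders occasionally put a short note in the subject line and leave the body blank.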