Yesterday, I posted about comment spam in blogs. Today, I’m going to mention a few topics of spam messages I’ve received in just one week. Ti begin, I’ve received an email from the “Microsoft Partner Awareness Team” who doesn’t seem to have a Microsoft mail account but some address in Nicaragua. The topic is “Confirm Receipt” and in it they tell me that they celebrate some 30th anniversary and as a result, this team is giving away £1,864,000.00GBP to six lucky recipients. And I’m one of them and need to reply with name, address, telephone number, email address and nationality. A nice example of phishing.
Next, a message about Canadian Pharmacy Online, where I don’t need prescriptions. Well, I don’t need these drugs either.
And a message from “WhatsApp Messaging Service” notifying me about a new voicemail, even though I don’t have a WhatsApp account for this specific email address. Since the sender is from Russia, I’m not interested in listening. Even though they’ve sent me this message twice…
The next one is a very good one, since it’s from the Google+ Team and uses firstname.lastname@example.org as address. Seems legit, doesn’t it? Too bad Google Mail happens to be the same as GMail, so the spammer is using this free service to pretend to be Google. The attached PDF promises £ 950.000 to me as an award and all I have to do is fill in a form with name, address, telephone number, nationality, birth date, gender, occupation and email address. Definitely phishing!
Of course, most phishing emails will promise huge rewards to people, as the one I’ve received from Italy. Some investors have 375 million euro which they want to give away. These huge amounts just make it very clear it’s just fake.
Then some more pharmacy messages and other offers for all kinds of medicines and certain ‘blue pills’. Of course, this kind of spam is also very popular, apparently because one in a million people still decide to buy their drugs this way…
But there are more ways than offering money or selling drugs. I also received a spam message with a pretty woman in bikini. Her name is Valeriya and she lives in Russia and is rather shy at first. And she wants to be pen pals with me. Oh, my… Dating spam! Another trick to get people to offer personal details or even to trick them into sending money to this pretty girl. Or maybe just a fat guy who pretends to be a pretty girl, since that’s more common. Still, even if this girl was real, chances are that she’s just out to steal your wallet and everything else you have. By the way, Irina also wants to chat with me. She enjoys hiking and pottery.
Then an email in the German language offering me a method to win at roulette in some online casinos. Ah, the old gambling site spam. Fits with the other spam message which is written in Dutch and offers me a chance to win the jackpot. They even promise me 100 euro as a bonus when I subscribe. Or the one where they’ll give me 20 free lottery tickets while they claim I’ve officially subscribed to their mailing lists in the past. (Which I never did, since the specific account that received the spam isn’t used to subscribe to anything.)
Then some message which advises me which stocks I should buy on the stock market, since they’re about to become valuable. Sure, for the person who is selling them right now! If plenty of people start bidding, the price will go up from nearly worthless to a few pennies per stock. If they then manage to sell a million stocks, it’s easy money with a huge profit, in a way that’s mostly legal.
And sometimes you receive an email that looks just a bit gibberish, yet makes you curious. People tend to reply to those kinds of messages, asking the sender what’s going on here and what they meant by this message. And thus they confirm their email address is correct. And since many people add a signature to their emails, the sender will get to know a bit more about the recipient. If the recipient happens to work for some company and the company adds signatures, then the spammer might have enough information to pretend he’s that employee!
The emails from “USA TODAY News” are also interesting. Sent from an outlook.com address, it provides me information about losing weight. Apparently I’ve subscribed to their newsletter too (NOT!) and I can unsubscribe and thus confirm the correctness of my email address. Strangely enough, the unsubscribe link points to a Russian website. USA Today seems to be in Russia?
In short, I have three email accounts on my domain and an infinite number of aliases on my domain and a few other domains. I also have two old GMail accounts that I barely use but in total, I receive about 20 spam messages per day over all accounts, which Google nicely detects and filters for me. They’re annoying but Google takes much of the annoyance away. Handy, because I also receive about 60 to 100 legitimate emails per day, mostly from mailing lists.
All these spam messages were easily detected by Google and you can wonder if spam is really as profitable as it seems. But it’s the magic of big numbers that’s in the favor of spammers. If they’re sending one million messages, and only one percent reads the message then it’s still read by ten thousand people. If only one percent of those are responding with some information then they’ve collected the information of 100 people. And if one percent of those fall for their traps and the spammers earns a few thousands of euro’s then they’ve probably made a nice profit.
Basically, people should not respond to spam. They should recognise what spam looks like, which is why I’ve written this post. Do not even open spam just to check the contents since your mail reader might already offer spammers with some information. I am a trained professional and I know what I’m doing when I check spam. My browser is set up in a secure way, my antivirus software is always up-to-date and I am really careful with spam messages and I avoid mail readers that might send information back to the sender. Then again, I have more than 20 years of experience dealing with malware, viruses and spam. Don’t expect that you can do that even someone with 20 years of experience tries to avoid! Because I think education is important but I would have preferred to throw away all those messages without even a single look!