Thursday, June 7, 2007

Abdul has sent me an e-card!

My good friend Abdul sent me an e-card yesterday afternoon. It's good to hear from him again.

Seriously now, sp/cammers are very creative. This is the first spam email I have received that used a legitimate e-card and photo sharing site as a delivery vehicle. You have to give these guys some credit. They are very creative in the methods they use in attempting to evade standard spam filtering techniques.

How it works
This is a new twist on a newer technique used by sp/cammers. Its image spam in a way, but a little different. I’ll call it e-card spam for lack of a better term. Anyway, here is the story; I received Abdul’s e-card in my gmail account.

As you can see from the screen-shot, gmail and most respectable email clients nowadays automatically block images in emails from untrusted sources. This is not a big deal to sp/cammers though as they are interested in getting the email to your inbox then using motivating statements and phrases to get victims to act. Let’s say for a minute that I am one of those people.

I allow the image to be displayed in the email by clicking the “Display images below” link in gmail.

Oh! I see. Abdul wants to give me a large sum of money! This must be my lucky day.

Actually, most of us have seen emails with similar text. We know it’s a scam (I hope!). These scams must be working though otherwise the sp/cammers wouldn’t continue to send the emails and devote the time to find new scan evasion techniques. Clicking on the image in the email brings me to Abdul’s e-card.

NOTE: I do not advise clicking links in emails unless you are absolutely sure you know where it leads first!

The email and techniques used in the spam email are not earth shattering by any means, but there are some important topics to note.

1. These “official” attorney letters promising big payouts from their client’s estates et al must still be luring victims. This is sad.

2. The technique used to get the spam to my inbox was a little different than most I see, i.e. using a public photo sharing site as the host of the image.

3. More than likely the sp/cammers lose the ability to track my actions in clicking the image which is different than if they were hosting the image on their own sites. They are willing to forego this information.

4. You can block this spam easily by clicking the “To stop receiving photos and videos from all Ringo members, click here.” Link. This would work for Ringo originated e-card spam anyway.

NOTE: I do not advise clicking links in emails unless you are absolutely sure you know where it leads first!

5. Review of the email header provides some interesting information (they always do!). This email was in fact sent through Ringo’s systems. Ringo uses Habeas as an email accreditor which makes it much easier for the sp/cammer to get the email to you and me!

6. The bottom of the email includes a warning from Ringo in 7.5pt font; “Ringo advisory - Avoid scams. Beware of messages that mention sweepstakes, lotteries, money-making offers, work-at-home opportunities, etc.”

All-in-all I am not terribly impressed, but I can see potential in sp/cammers enhancing this technique to get more spam past filters and into my inbox. That doesn’t make me happy.

Please comment if you have something to say or shoot me an email.

No comments: