Spammers are tapping their own resources

October 3, 2008 at 7:25 am | Posted in Uncategorized | 7 Comments

You know all those spam emails that clutter up your inbox or junk email folder? The ones you just throw away as soon as you see them, sometimes even BEFORE you see them, when the subject is a dead giveaway? And even when the subject is NOT a dead giveaway, usually the English is so horrible that it’s laughable. I assume it’s foreigners and not junior high students who are writing these and that’s why their English is so bad.

When so many people delete them so routinely, it makes you wonder why they do it. It must be economical, otherwise they wouldn’t do it. It is very cheap, but it must make a bit of money for the companies that have spammers advertise for them. One out of a thousand, one out of 10,000 … some non-trivial proportion of the population must be responding to these emails.

Well, spammers themselves are trying to tap that market, the one in a zillion people who respond to these “ads.” They’re trying to make their emails not so horrible sounding, with decent English, with the hope that even more people will read them, and they’re getting that one in a gazillion people to help them do it. It’s smart, actually. Some spammer was thinking to themselves, “My english not good.  How to make my texts as an english speaking person?   Who not smart but english speaking fix my words to be hearing normal language?” This is my proposition, and it is based on the following piece of spam that I just received.

—–

Hello,

We are offering a part time job based on computer.

Job Description:

We will provide you with the texts for our employees with the important information and you will need to revise and correct the texts as an english speaking person and send them back to us.

Salary:

We don’t have a fixed salary for this vacancy. We will pay you $7.00 for every 1Kb of the text which you revise .  You will get paid at the END of each working month. So, your salary will depend on your activity.

Example: If you correct about 5Kb of texts per day you will get over $1000.00 at the end of the month.

Requirements:

-Location: USA
-Age: 20+
-Home computer, e-mail address and Microsoft Word
-Responsibility

To apply for the position, please, provide us with the following information to our e-mail: dating.hrjob@gmail.com

__________
FULL NAME:
HOME ADDRESS:
CITY, STATE, ZIP CODE:
Phone number (home or cell, but SHOULD BE available any day time):
E-MAIL:
AGE:
OCCUPATION:
EDUCATION:
AVAILABLE HOURS TO DEVOTE TO WORK:
———-

As soon as we receive your aplication we will contact you within 24 hours.

If you have any additional questions, feel free to ask.

Awaiting for your application.

Sincerely,
Dating Group Team
dating.hrjob@gmail.com


7 Comments »


  1. You’re right that spamming is economical. Because it is based entirely on criminal activity.

    Spammers do not send their spam through their ISP’s mail servers, nor do they run their own servers. That would cost too much, and would get their internet access cut off. Instead, they hack their way into other people’s servers, either using stolen passwords or by exploiting servers that don’t have the latest security patches installed. They then send one copy of the message, along with thousands of destination addresses, and let that innocent third party’s server do all the work.

    They are also known to use bot-nets. They’ll use standard virus/worm techniques to slip mail-sending code into computers around the world and have them generate the spam (and often collect the victim’s address book, passwords, and other information, for use in later criminal activities.)

    They can send out millions of spams for effectively zero-cost, because all of the work is being done by other people’s equipment, without the knowledge or permission of the owner. When your expenses are zero, all it takes is one single positive response to make the activity profitable.

    Before Washington started passing anti-spam laws, large companies like AOL were successfully prosecuting spammers for crimes like theft of service, criminal trespass, and an assortment of charges relating to computer hacking.

    Unfortunately, the spammers still win because it is difficult to identify who these criminals are. They often relay their work through computers in several countries, making it impossible for law enforcement to do anything without international cooperation.

  2. Indeed. I guess I just find it hard to see why ANYone would actually respond to these “ads.” Obviously they do, for the same reason junk mail is still around; and they PAY for sending out THEIR stuff.

  3. It’s not just for ads; it’s for phishing attacks. That’s where the real criminal money-making activity is. At work I see all kinds of phishing examples. Almost always, the English is poor. Imagine just how much more convincing the phishing attacks are with proper English!

  4. One unexpected source of success for Phishing attacks is the amazing lack of knowledge, not just by the public, but by institutions as well. I routinely get e-mails from my banks, credit cards etc., with links to their site and their latest offers. I can’t click on them because they COULD be Phishing. So the banks should not send them.

    I even got an e-mail from my own company here at work, with a link to the AmEx site, asking all of us to change some settings on our accounts (electronic billing). I informed them that I could not possibly follow this link (links can be spoofed, you must follow a bookmark or type it in carefully yourself.) and they seemed unaware of this risk.

    Amazing.

  5. SCD: You don’t have to be that paranoid. Assuming you have a good mail client, you can check to see where the link goes before clicking on it. If your link is going to (for instance) http://www.suntrust.com/…, then that is actually going to the bank. If it is instead going to http://www.suntrust.com.kasdfbjkw.com/…, then it’s going to a server in the kasdfbjkw.com domain, and not the bank.

    Remember also, that phishing attacks can only collect what you give them. If you are given a link to an information page, that’s harmless. If the linked page asks for information, then you should be more cautious – perhaps by going to the institution’s well-known home page and accessing the content from there.

    Knowing how your web browser handles secure sites also helps. If the site is encrypted (an https://… link, and the browser usually will indicate the status with a padlock icon somewhere in the status area), you should be able to get information about the site’s security certificate. Make sure the certificate is issued to the site you think you’re accessing and that your web browser successfully validates it. Assuming the certificate passes validation and is issued by a well-known agency (your web browser should come preloaded with certificates from the biggest agencies), then you know its ID information is not forged. And your browser will alert you if the ID information doesn’t match the site you’re accessing.

  6. Thanks for the info; it is somewhat reassuring, but we live in different worlds.

    FOA, the site I was talking about was asking for sensitive info. I would have had to put in my account number, my security number, etc. in order to request paperless statements.

    SOA, I have no idea how to check certificates and what not. Many times here at work or at home, sites I trust and got to on my own (not Phishing) give warnings about expired certificates, etc. So how can I trust that I am safe when even safe sites give certificate warnings?

    As for browser protections, I’m sure you are right, and I’m glad to know that they have such protections, until someone figures out a way around them.

    For now, I think I’ll err on the side of caution and just not click on links in e-mail. Many security articles I have read advise this course of action.

  7. If you get certificate warnings, don’t trust the site. Period. If they are asking for sensitive information, contact them off-line and let them know that their web site is insecure and that you won’t be doing business until they fix their security problem.
    The next time I make my way to NJ (around once a month, schedule permitting), I can drop by for a visit and point out the things to be on the lookout for. It’s not difficult, but is hard to explain in e-mail, since we probably aren’t using the same programs.
    But you’re right – if you’re not certain about what to look for, then by all means avoid following mailed links (or at least avoid providing sensitive information on those linked pages.)
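
The hostname check described in comment 5, as an added example that is not part of the original post or its comments: it parses a link and tests whether the host is the expected domain or a subdomain of it, and notes whether the link is encrypted. The function names and all sample links other than the two hosts quoted in the comment are constructed for illustration.

```python
from urllib.parse import urlsplit

def link_host(url):
    """Return the lowercased hostname a link connects to."""
    # .hostname drops the scheme, any user:password@ prefix, the port and the path
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.rstrip(".").lower()

def belongs_to(url, expected_domain):
    """True only if the host is expected_domain itself or a subdomain of it."""
    host = link_host(url)
    expected = expected_domain.rstrip(".").lower()
    # Compare whole labels from the right; a bare substring or suffix test
    # would accept hosts that merely contain the expected name.
    return host == expected or host.endswith("." + expected)

def classify(url, expected_domain):
    """Label a link as 'mismatch', 'match-unencrypted' or 'match'."""
    if not belongs_to(url, expected_domain):
        return "mismatch"
    if urlsplit(url).scheme.lower() != "https":
        return "match-unencrypted"
    return "match"

# The first two hosts are the ones quoted in the comment; the rest are constructed.
SAMPLE_LINKS = [
    "http://www.suntrust.com/",
    "http://www.suntrust.com.kasdfbjkw.com/",
    "https://WWW.SunTrust.com:443/statements",
    "https://kasdfbjkwsuntrust.com/statements",
]

def review(links, expected_domain):
    """Return (host, verdict) for each link, judged against expected_domain."""
    return [(link_host(u), classify(u, expected_domain)) for u in links]

if __name__ == "__main__":
    for host, verdict in review(SAMPLE_LINKS, "suntrust.com"):
        print(f"{verdict:18} {host}")
```

A "match" here says only that the link points at the expected domain; the certificate check the same comment describes is still done by the browser.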

