jducoeur: (Default)

I just got an email that looks, for all the world, like an attempt to make a hotel reservation. The English is fairly atrocious, and it appears to be bcc:'ed to me, but damned if I can figure out what the scam is here -- there are no links, no requests for me to send anything except a confirmation and the cost to put up 10 people in mid-May.

Mind, I still figure it's a scam -- some long-play attempt to get at my personal information or something like that. But I will admit that this could just be someone who is very, very confused...

jducoeur: (Default)
Today's study in Weird Spam starts off with,
It is with pleasure that we invite you to take part in the 2017 world conference on Global Security, Save The Life And Terrorism In The World. This conference Scheduled to take place from [February 15th to 19th, United States and Senegal from February 22nd to 26th 2017].
It's obvious phishing spam, and was properly marked as such in Gmail.

The punchline? This conference is organized by the "World Thoracic Society".  That word, I do not think it means what you think it means.

Really, I kind of suspect they chose an important-sounding word at random.  Am I missing a definition that would make this make sense?
jducoeur: (Default)
Continuing my policy of calling out Major Companies That Ought to Know Better: I just got half-a-dozen copies of a spam in my accidental waks.org honeypot. They're all from "Quest", which is apparently the company that used to be Dell Software, now purchased and renamed.

So -- let's hear it for Quest, the software company so incompetent that they are doing their marketing via the same full-of-fake-email spam lists that the script kiddies use...
jducoeur: (Default)
On the downside, I'm a bit cranky that somebody has clearly come up with a new spam service this week: the amount getting into my Gmail Spam box (as opposed to being deleted outright) has abruptly risen tenfold.

On the upside, some of these new script kiddies are so incompetent that it's almost a little endearing. Like the several copies of spam I just got whose subject line is literally "You Have Been Selected For [PRODUCT] Samples." And yes, the content of the email (in enormous, boldfaced colored letters) is, "Hey Jducoeur, [PRODUCT] Sampler is Waiting". Somebody apparently doesn't understand that there aren't actually hordes of Americans who are anxiously awaiting [PRODUCT].

Sometimes I can almost see (if I squint a lot) how some particularly naive people might be fooled into clicking on some of these spams. But seriously, folks, you have to at least try...
jducoeur: (Default)
Ah -- there's the followup.

In my rant the other day about Twitter's incompetence, I mentioned that I was continuing to get emails *after* I had rejected an email address. This just happened three times in a row, all identical, so I now see a bit more of what's going on.

The original fake accounts had email addresses of the form "wrigk2px@w***.org". I definitely rejected these, saying that they were not valid addresses. What has now just happened is that I've received matching emails from Twitter, one to each of them, with a subject line of "Thanks for checking in, [Fake Name]" saying (with a pretty graphic), "Nice to see you again. With the Twitter app [big graphic of a phone], you'll never miss a moment of the conversation. [Download button]". These are addressed to "RECLAIMED_172128452_wrigk2px@w***.org".

I have no idea what this "RECLAIMED" nonsense is about, but at this point I am much more prepared to slam Twitter for incompetence. I'm honestly unsure whether this followup spam is being initiated by the spammers or by Twitter themselves, but they are totally not taking enough care to remove bogus email addresses from the system. There is no excuse whatsoever for me continuing to receive emails to my domain after I have explicitly told them that this is not a real account.

And I should note, the reason I am *seriously* angry at them is the complete lack of *any* obvious mechanism to report this. Their help system is a maze of twisty little passages that tries to enumerate every kind of problem they can think of, automating the support for each one. This problem isn't listed anywhere, and the ones that are even vaguely close all lead into complex and inappropriate forms that are definitely *not* appropriate. I can't find an "other" category anywhere, nor any way to, eg, contact a support representative, after about fifteen minutes of clicking links all over the place. So I haven't yet been able to figure out any way to report this problem, leaving me with little option but to vent publicly. *That* is almost definitionally incompetent customer service.

(The only thing I can think of is to link to @Support, which I'm going to try with this post.)

I suspect I'm going to have no choice but to install the rather expensive Block Sender app (thanks to Laurion for suggesting this line of thinking), and hope that it works. But even if it does, Twitter deserves brickbats for forcing me into this and not providing a decent approach...
jducoeur: (Default)
Okay, the only way to get a rise out of anybody these days seems to be embarrassing companies on social media. Let's see if Twitter is paying any attention.

One of my domains has a long-standing but rapidly growing problem with Twitter Spammers. Specifically, some jackass has decided to use my personal domain to create lots of fake accounts on Twitter. This used to be only occasional, but I got three of them today, all pretty bloody obvious: I got confirmation emails to "hiv3s7@w***.org", "wrig7ryv@w***.org" and "wrig2px@w***.org". Of course, none of these are real emails, but they all land in my inbox since I own the domain. And the hell of it is, I can do *nothing* to shut these fraudsters down!

Seriously, this is where, as far as I can tell, Twitter is simply giving a gigantic f-u to anyone who owns a domain. The *only* thing I can do is to respond individually to each of these and say "this isn't my email address". That doesn't actually shut down the spammy twitter account -- I can't even say, "I own this domain, and I am 100% certain that this is an attempt to spam". There is absolutely nowhere I can find on Twitter's Help system to let me say, "my domain is being attacked through you; stop allowing people to sign up through w***.org", and there is no sign that they are noticing that every attempt to sign up via w***.org is being rejected and gee, maybe they should learn something from that.

It's getting to the point where I'm thinking of writing Twitter off as a bad idea, and simply spam-boxing all email from it, rather than trying to be helpful. I wish I had the slightest indication that they actually cared in the slightest about their users...
jducoeur: (Default)
Got this spam on the SCA Questions list the other day. I haven't the slightest clue what they are thinking, nor even what language a few of these words are supposed to be from, but man -- I can *so* see confusing a poetry slam with a dramatic reading. (The combination of punctuation and repeated words just *makes* it as performance art, not to mention that a bunch of lines are more or less iambic.)

potboy baboo nopal.
lives grouch gooey budge!
cashew chalk coatee oakery?
potion alb feel bay.
mix give scamp.
pupa blase.
pawn sin.
oakery estop reflux wen?
bled sin tops cashew.
fully cooker swathe nimbus!
alb fully glover.
smelt brazil public penes.
gasper reflux pink sap.
sniffy ape nimbus gypsa.
fiber cashew rococo agile?
tempi sap elan grouch!
slam public.
chose moving alb rococo.
estop lives.
luting nimbus valuer rococo?
gird seer nimbus hubby!
moving shrink large.
pant acuity luting wen?
arise alb nopal.
jducoeur: (Default)
[Happy (rare) birthday to napoleons_mommy!]

Okay, I can't really fault the SCA site's filters in this particular case. This morning's email to the Questions List had the Subject line "Change from dagger to BROADSWORD!" Of course, it's penis-enlargement spam...

Spamizdat

Dec. 21st, 2006 09:53 am
jducoeur: (Default)
So in my more paranoid moments, I contemplate the possibility of the government mounting a self-coup, and trying to turn the country into a truly authoritarian state. (I don't think the current Administration will, but that's more because I don't think they're competent enough than that they wouldn't like to do so.) In which case, the question arises: how do you organize the resistance? Specifically, how would such a hypothetical resistance communicate?

It's not an easy problem. I take it for granted that the government is monitoring at least a large fraction of electronic communications today -- I think it's likely that they're sniffing all email that goes through the main backbone of the Net. Lots of people say that Encryption Is the Answer, but that's just not true: until and unless encryption becomes truly widespread (and kudos to Microsoft, who are making a real effort to do that with their new network stack), if you use encryption you are *totally* obvious, and become an immediate target. Encryption is only really effective in such a situation if it doesn't *look* like encryption.

Which brings up the idea: what about hiding your secret messages in spam? I mean, think about it. Spam is everywhere today, and it's perfectly normal for ordinary, harmless machines to be sending it out. It accounts for a *huge* fraction of all email sent, and the government sniffers have to be filtering against it.

But spam *is* essentially an encryption mechanism, designed to be hard for machines to read but easy for humans to do so. Typical modern spam contains images full of random noise, and tons of randomly-chosen and often misspelled words -- loads of just the kind of entropy that makes for good data-hiding. Any software engineer who can't figure out how to harness that for hiding secret messages should hang up his keyboard. Done right, I bet it would give the NSA *fits*. It's hard enough to recognize that a given message *is* spam -- I'd bet that figuring out that it isn't *really* spam, but actually contains embedded communication, is much harder.

So remember: when the time comes, and people are up against the wall, spam may prove to be your best friend...

jducoeur: (Default)
The bad news: some spammer is sending out a substantial quantity of spam (a couple hundred a day) that purports to be from our domain, so we're getting all those bounces.

The good news: they seem to have hooked upon a single false email address that all that email is coming from. Don't know where they came up with that particular permutation (it doesn't look randomly generated, but it's not one we've ever used), but pretty much all of the current spam is coming from it. So filtering out the bounces is nicely easy...
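
An added example, not part of the original post: one way to filter this kind of backscatter when every forged message uses the same sender address. The address `forged-user@example.org`, the function names and the sample messages are all constructed placeholders. A bounce is dropped if it is addressed to the forged address or if the returned message it embeds claims that address as its sender; bounces for real mailboxes still get delivered.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Placeholder for the single forged address the spam run uses (not from the post).
FORGED_SENDER = "forged-user@example.org"

def is_bounce(msg):
    """True for DSNs: null return path, multipart/report, or a daemon sender."""
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type", "").lower() == "delivery-status"):
        return True
    local = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    return local in {"mailer-daemon", "postmaster"}

def original_sender(msg):
    """From address of the returned message embedded in the DSN, if any."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            inner = part.get_payload(0)          # full original message
        elif ctype == "text/rfc822-headers":
            inner = message_from_string(part.get_payload())  # headers only
        else:
            continue
        return parseaddr(inner.get("From", ""))[1].lower() or None
    return None

def classify(raw):
    """Return 'backscatter' for bounces of mail we never sent, else 'deliver'."""
    msg = message_from_string(raw)
    if not is_bounce(msg):
        return "deliver"
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if FORGED_SENDER in rcpts or original_sender(msg) == FORGED_SENDER:
        return "backscatter"
    return "deliver"  # a genuine bounce for a real mailbox

def sample_dsn(bounced_to, original_from):
    """Constructed DSN (RFC 3464 layout) for the demo; not real traffic."""
    return "\n".join([
        "Return-Path: <>", "From: MAILER-DAEMON@mx.example.net",
        f"To: {bounced_to}", "Subject: Undelivered Mail Returned to Sender",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "",
        "Delivery to the following recipient failed.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; mx.example.net", "",
        "Final-Recipient: rfc822; nobody@example.com", "Status: 5.1.1", "",
        "--b1", "Content-Type: text/rfc822-headers", "",
        f"From: {original_from}", "To: nobody@example.com", "",
        "--b1--", ""])

if __name__ == "__main__":
    print(classify(sample_dsn(FORGED_SENDER, FORGED_SENDER)))
```
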
jducoeur: (Default)
Okay, yes -- they deserve to be dropped in a vat of boiling oil and left there until well crisped. But still, one has to be impressed by the cleverness of the stock-push spammers. Today's variation seems to be email with many very short, very wide animated GIFs embedded in it. When you open the email, the GIFs begin to play, showing random slight visual garbage that eventually resolves into the usual "INVESTORS WATCH OUT! FIRM WILL BLOW YOUR MIND!" spam message. No single GIF contains anything other than garbage: you have to render all of the GIFs, laid out properly, in their final frame, to see the text.

I have to wonder how many people are falling for these things at this point. I mean, they're actually hiring some halfway smart programmers here, as they try to stay a step ahead of the spam filters, and they're working hard -- I can see the spam tech evolving week by week...

Edit: Okay, not quite as smart as I thought -- upon closer inspection, it's still all a single GIF, that just happens to render bit by bit for no apparent reason. So the final frame is still the same as the previous round of spam tech; shouldn't take long for the anti-spam forces to catch. But I suspect they'll think of the many-little-images version soon...
jducoeur: (Default)
This was almost certainly advertising some sort of Pills Sold Cheap (I deleted it reflexively before the contents even became visible). But I am amused by the Subject line, which came out as:
"***SPAM*** It is absolutely good for you!"
and which gave me an immediate gut-level expectation of an email touting the health virtues of processed lunch meat...
jducoeur: (Default)
Okay, it's an evil phishing spam. But most of these phishing attempts are so pathetically lame, I have some small admiration for one that's well-executed. In this case, it claims to be a response to an eBay argument -- a faked reply. I've gotten these before, but this one has just the right tone: very defensive, with the person at the other end getting very offended about having been threatened over a bad bid. The immediate gut reaction is to log in and say, "Sorry, but you've got the wrong person". But of course, the "Respond Now" link (alone of the links in the message) goes to a phishing site.

I'm far too suspicious to fall for this, but it's nicely executed, and a good reminder to continue to be suspicious of all links found in email...
