đ§ The Official Spam Emails Threadâ˘
-
Apparently Microsoft is running a lottery and using a Yahoo email address to hand out the winnings. And apparently I'm a user of something called MSN-WORD.
You should reply and tell him those weren't your numbers and see what he does.
-
I very much doubt that there's a real person on the other end, let alone one with a sense of humor.
-
I very much doubt that there's a real person on the other end, let alone one with a sense of humor.
Of course there is. How else do you think they'll scam suckers? (I actually, a looong time ago, hassled someone sending one of these. You're right about the "no sense of humor" bit.)
-
Also, randomly switching fonts throughout the email was a nice touch.
My guess is that Mr.
Brian Binghamdemands his own special font.
-
Lolwut?
-
That
-
"Hmm, which version of our spam message should we send?"
"Why not all?"
-
THE GREEN MACHINE
Cool name!
-
Seen right as I cleared my spam email thread:
SUBJECT: Background Checks: You really need to see who your spouse is texting!
Wait, I had a spouse and didn't even know it? I feel like I'm missing out on some things here...
Also, had another one purporting to be a personal message from Bill Gates who will give me $5M.
-
I had a spouse and didn't even know it?
I tried it. Didn't work. Still don't know who my wife has been cheating on. #NaN/10, would not buy again.
-
Oh no, not my Hotmail/live/outlook account! Whatever shall I do!?
I better click on that "
EMAIL%20ACCOUNT%20UPDATE.htm" link immediately. "I MUST", it says right there.Alas, it seems the kind people of the Windows Live Hotmail Team have accidentally linked to a local file, that I unfortunately don't have on my computer.
I can only hope a different random message can save my precious a************@Hotmail/live/outlook account from this malaise.
-
Does it still count as phishing if you can't even fall for it if you're sufficiently stupid?
-
Does it count as phishing if you can't even fall for it if you're sufficiently stupid?
Hey, you never know. This could be a devilishly clever multi-pronged attack, where they first inject an infected html document, and then get you to open it using their masterful social engineering skills.
-
This reminds me, I should probably check on that old Yahoo account and see if it's deleted....
-
So let me get this straight. An African bank waited fifteen years to send me an email via Yahoo's Japanese email servers about a German guy who apparently died in a plane crash.
I Googled the guy's name, and after a first few results about email scams, there's a Telegraph.co.uk article published three days before the guy died about the plane crash.
So now we know it's a German Japanese African French time traveler. Ok, sounds legitimate so far. What else do you have?
Well, apparently they want me to give them my full name (which they already had because it's my email address), my private telephone number (which is already available on the first page of Google results for my name), my resident address, which is 0x537eb230, and a scan of my passport if any, which I don't have.
What do I get if I give them those things? I get to pay them $3,150,000, after which the banker will be allowed to keep $5,850,000. I have not yet been informed what happens to the remaining $3,150,000. Presumably it goes to the dead German guy. Or there's some really harsh African tax or something.
-
I was just wondering how many families he had:
-
Longest subject:
BANK OF AMERICA (BofA) DEPT: Credit Control / Telex Dept. ADVISE: Your Foreign Payment Notification Attention Beneficiary, Your Foreign payment is here with the Bank of America, New York, but we want to confirm before releasing the fund to your nominating Partner, did you authorize Mrs. Patricia Sanders from Charlotte, North Carolina to come and claim your ATM Visa card worth of $1.500.000 dollars on your behalf? Please if you did not authorized anybody to claim the ATM Visa Card get back to us for more informations. Yours faithfully, Dr.George Wayne Chairman & CEO Office Bank Of America New York USA
Yes, that's subject, not the body.
You've missed my point: Notes allows (or it did in 1998) the subject to have line breaks in it, so the technologically inept can write their entire message, formatted in a plain-text sort of way with multiple paragraphs, line breaks, and so on, in the Subject field.
So with Notes, the subject-message above could have looked like this, ALL IN THE SUBJECT FIELD, WITH AN EMPTY BODY FIELD:
Subject: BANK OF AMERICA (BofA) DEPT: Credit Control / Telex Dept. ADVISE: Your Foreign Payment Notification Attention Beneficiary
Your Foreign payment is here with the Bank of America, New York, but we want to confirm before releasing the fund to your nominating Partner, did you authorize Mrs. Patricia Sanders from Charlotte, North Carolina to come and claim your ATM Visa card worth of $1.500.000 dollars on your behalf?
Please if you did not authorized anybody to claim the ATM Visa Card get back to us for more informations.
Yours faithfully,
Dr.George Wayne
Chairman & CEO Office
Bank Of America
New York
USA
-
Enough for you to be a member of one of them, clearly!
-
Here's a classic returning:
-
I don't read Swedish1. All that looks like pseudo-Latin to me!
1 Though I can almost swear I know what "Klicka har fĂśr" means2.
2 Why would you click a hare's fur though?
-
-
-
-
Fucking finally.
-
I suspected as much, but we haven't been awarding much lately, so what they hey, eh?
-
we haven't been awarding much lately
Heh, I can't imagine why...
But in the absence of a "stating the obvious" badge, I'll take it!
-
So, we've gotten a couple CEO Fraud e-mails that made it through to an end user's mailbox over the past month or so. I guess I should look through the headers and see why the mail made it through, open a case with Exchange Online support or at least submit the mail for updating the filters.
Let's see...
ď failed the SPF check
ď sent from an IP that's been on the SORBS SPAM list since May
ď Reply-To is different from the From address and the Reply-To is on a publicly available "free mailboxes" domain
ď X-Sender is from a completely different domain than either From or Reply-To
ď body contains English (Google Translate) phrasingMessage got a SCL of 1
Of course, it's been hours since I opened the case and I haven't gotten more than a cursory "your ticket is assigned" response. Never mind me explicitly stating this was a critical issue in my description - system's not down, so we'll get back to you between 3pm and 1pm next Tuesday.
-
Reply-To is different from the From address
I still haven't figured out why spam emails have different addresses for those. Is the From address a real person that they're impersonating or something?
-
For CEO Fraud e-mails, nearly always.
The standard format goes like this:
From: bossman@yourcorp.com
To: secretarytype@yourcorp.com
Subject: URGENT MONEY TRANSFER
Body: I need to complete a wire transfer today, I'll get back to you with the details, do we have the monies there?And the principle is the same as most other phishing techniques -- once a victim responds, use fear techniques to get them to ship you the money as quickly as possible, before they have time to really think about it, or notice that all your writing seems to be in a particular "It used to be Russian" dialect of English.
-
Most of the spam I get is from people pretending to be african bankers.
-
When one goes out into the brave wide world and gets a job, especially if one works as a secretary / accounting type or as the IT guy who has to clean up after said types, the types of phishing e-mails get much more sophisticated.
Usually because there's more money in that compared to phishing in mum's basement.
-
Maybe someone's trying to scam @ben_lubar out of his extensive collection of carp and goblin skins...
-
I got two emails in the space of about 12 hours. They look like this:
From: Youtube+ Notifier <eeizdehomh@excite.co.uk> Subject: Deferred mails scrupulously Body:
YouTube
Deferred mail.Sincerely yours
Youtube+ teamŠ 2015 YouTube, LLC 901 Cherry Ave,
From: Skype Support <ctessiezu@ganymede.com> Subject: Deferred e-mails scarborough Body:
Skype
Deferred e-mail.Respectfully
Skype teamŠ 2015 Skype and/or Microsoft. The Skype name, associated trade marks and logos and the "S" logo are trade marks of Skype or related entities. Skype Communications S.a.r.l. 23-29 Rives de Clausen, L-2165 Luxembourg.
The fun part is in the raw bodies.
First email:<html> <head> <title></title> </head> <body style="background:#f0f0f0;"> <div style="max-width:700px;"> <table cellspacing="0" cellpadding="0" style="background:#fff;font-family:arial;font-size:13px;color:#333;width:100%;"> <tr> <td style="padding:20px;"> <div pooling=1 style="background:#f0f0f0;padding:0px 10px"> <span style="font-size:22px;font-weight:bold;color:#333;margin-right:2px;">You</span><span style="font-size:22px;font-weight:bold;color:#fff;background:#bf171d;border-radius:10px;-webkit-border-radius:10px;-moz-border-radius:10px;border:solid 5px #bf171d;">Tube</span> </div> <br/> <br/> <b testicles='12'>Deferred mail.</b><br/> <br/> <a piotr="cultivators" style="color:#0000ff;" href="http://alseFUCKOFFYOURNOTGETTINGHITSFROMMEhameg.com/en/methodologies.php">View mails</a>.<br/> <br/> Sincerely yours<br/> Youtube+ team<br/> <br/> </td> </tr> <tr> <td volstead='parts' style="padding:0px 20px 20px 20px;background:#f0f0f0"> <div censurer="proviso" style="padding-top:10px;font-size:11px;color:#7c7c7c"> © 2015 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066. This mail was sent to [redacted] because you indicated that you are willing to receive occasional YouTube product-related mails. If you do not wish to receive such mails in the future, please unsubscribe. You can also change your preferences by visiting your Email Options in your YouTube account. </div> </td> </tr> </table> </div> </body> </html>
Second email:<html> <head> <title></title> </head> <body lydia="8" style="background:#fff;"> <div style="max-width:700px;"> <table cellspacing="0" cellpadding="0" style="background:#fff;font-family:arial;font-size:13px;color:#333;border-right:solid 1px #eee;border-bottom:solid 1px #eee;width:100%;"> <tr> <td guidebook="legibly" style="font-size:30px;color:#17B4EF;padding:20px;font-weight:400;">Skype</td> </tr> <tr wrens='91'> <td philharmonic=95 style="padding:0px 20px 20px 20px"> <b back="7" style="color:#999;font-size:18px">Deferred e-mail.</b><br/> <br/> <a microwaves=78 style="color:#0078ca;" href="http://empleo.construFUCKOFFYOURNOTGETTINGHITSFROMMEguate.net/jsjobsdata/corks.php">View e-mails</a>.<br/> <br/> Respectfully<br/> Skype team<br/> <br/> </td> </tr> <tr pandemic="8"> <td cripples="falconer" style="padding:0px 20px 20px 20px"> <div allegiances='4' style="padding-top:10px;border-top:solid 1px #eee;font-size:11px;color:#888"> © 2015 Skype and/or Microsoft. The Skype name, associated trade marks and logos and the "S" logo are trade marks of Skype or related entities. Skype Communications S.a.r.l. 23-29 Rives de Clausen, L-2165 Luxembourg. </div> </td> </tr> </table> </div> </body> </html>
Filed under: <b testicles='12'>; You think you're bold? I have more balls than you.
-
microwaves=78
IOT ready!
-
[rhetorical] Why do they bother with that stuff? [/rhetorical] A good Bayesian reasoner just throws it out as noise, and instead picks up on things that are actually shown to users.
-
-
A good Bayesian reasoner just throws it out as noise,
The last time I was paying attention to this, I think the theory was "throw so many random words that don't have spammy scores that they'll overwhelm the spammy words", possibly by getting lucky and including a word that had been determined to be relevant to the recipient's interests.
-
On the other side of the fence, if I were writing a filter, one of the tests I might add after seeing this is that a large number of invalid HTML tags or valid tags with bogus attributes should raise the spamminess score.
-
As a plus, it would also block any email sent by Outlook.
-
I suppose one could white-list known
mso-*values, if one wanted to get email from Outlook.
-
I think the theory was "throw so many random words that don't have spammy scores that they'll overwhelm the spammy words"
But in the process it has to overcome the fact that the rest has become poisonously spammy. Bayesian classifiers are difficult to defeat because they treat this sort of thing as (ignorable) noise. And guessing the users' preferred keywords is a different order of challenge; it's really taking it from normal spam to spearphishing.
No, I'm going to guess âmoronâ on this one. It's an excellent starting point for assumptions with both spammers and those who succumb to their blandishments.
-
if one wanted to get email from Outlook.
-
No, I don't have access to the internet and have up to three hours spare time `per-week`.
TIL full time ~= three hours spare time.
I'm not sure if I want to contact Paul Godwin on that time scale...
Edit: Why is "Godwin" such a popular name?
-
It goes on like this for several screens...no fucking clue:
-
no fucking clue:
Attempted to Google Instant Translate Image that. NFC what language that is.
-
Attempted to Google Instant Translate Image that. NFC what language that is.
It's Russian. Gmail detects it. Allowing it to be translated, it looks like an ad for Russian accountancy training seminars. Towards the bottom, I see this:
Participation fee 2.12. 9900 rubles (VAT exempt) training, lunch kits records, distributing working material.
10% discount when registering with this mailing. (8900 rubles)
15% discount for 2 or more participants from the same organization. (8400 rubles)Please note that the seminar 2.12. combined with the seminar 3.12. leading specialists of the Ministry of Finance and the Federal Tax Service of Russia for income tax, VAT, property tax (program below)
This is done deliberately, because O.Lapina in his little lecture for the main taxes, and there will be a package of two seminars cover the entire range of accounting issues (optional, of course).
-
Gmail detects it.
Ah. Useful to have the actual text I guess, or someone who can identify glyph patterns better...
-
I find the cyrillic alphabet fairly easy to identify. It looks like a weird all-caps version of the latin alphabet. Its lowercase glyphs are pretty much a smaller version of its uppercase glyphs, so it always seems like shouting.
To me these characters in particular are a giveaway: и, Đ´, Ń, Ń.
So Russian would have been my first guess, yes.
-
So Russian would have been my first guess, yes.
It could also have been Ukrainian, Bulgarian, or a few other languages that also use the Cyrillic alphabet, but yes, Russian is the most likely.
It looks like a weird all-caps version of the latin alphabet.
AIUI, it was originally based on Greek, so some of the letters are the same, or similar, in all three alphabets. Some are more similar to Greek than Latin, and several are unique to Cyrillic. (Those are the ones I can never remember how to pronounce.)
-
