Phun With Phishing

I have a lot of friends stranded overseas, and a lot of relatives who left me bzillions of dollars after dying fortuitously in a vehicle crash, and more than a few people who trust me enough to invite me to help them transfer a huge trust fund for orphans to safe haven in a US Bank account, at least according to some of the unsolicited email I get. I generally ignore these, simply because there are too many to answer them all, and it would be unfair to answer only a few and leave the others twisting helplessly in the wind, and also because 99% of them get caught by my email spam filter and routed to the most appropriate folder (the trash). Every once in a while though, one gets through, and sometimes it's even barely interesting, or else vaguely amusing.

Take this one, for example. In the current tough economic times, lots of folks are looking for jobs.

An email with the subject line “Job Offer !” could get just about anyones attention, at least for a moment or two. It got mine, though probably not in quite the way the sender(s) intended, since the first two things that caught my attention were the extra space before the “!” in the heading, and the return address of “jobs@carrerbuilder.com”.

Okay, so maybe the address “careerbuilder” was already taken. But frankly, there are likely enough properly spelled permutations still available to make this a weak excuse. It certainly doesn't excuse that annoying “ !” bit. This left me with a clear first impression: these guys can't use proper punctuation, and they can't spell. For a group purporting to help me build a career, they're not off to a great start. I wasn't impressed by the “no recipient” in the To field, either. I could assume they simply blasted this announcement out to a mailing list, but not bothering to call it something other than “no recipient” is at best lazy, and at worst just plain rude.

The body of the email isn't TOO bad; there are no more egregious spelling errors, although they still seem stuck on putting unneeded spaces in front of punctuation marks. The “job offer” itself isn't too outlandish – there really are mystery shopper programs out there, and legitimate companies do pay people to participate. This, however, isn't one of them.

As a matter of fact, it turns out that emails from “carrerbuilder.com” have already been flagged by several watchdog websites, such as this one, and the domain itself is simply parked. Color me not surprised.

Now, that would normally be the end of it. A lot of these types of phishing emails are sent purely to get the “no recipients” to reply, even if the reply consists of “BUZZ OFF!” (or something more colorful), in order to verify as many “live” email addresses as possible. Spammers will pay more for lists of verified email addresses; it's more profitable to phish in ponds they know are stocked. But these guys went one better: they helpfully included an Application Form, as an .html attachment. As my tinfoil hat is about two sizes too small, I rather doubt it's really an application form. I further doubt it's a benign little .html file that will do nothing more than open locally in my browser and display text, or dollar signs, or happy dancing bunnies. There a lot of file types that can contain executable code these days, code that will run as soon as the file is opened, under the right conditions, and .html files are certainly one of those types.

I'll probably save this not-so-benign .html file for later perusal – under the right conditions, of course. I do hope the helpful hackers at “carrer builder” aren't breathlessly waiting for me to send back my completed application. I don't accept candy from strangers, and I don't open attachments from them, either.

Neither should you.

Chain emails - the gifts that won't stop giving

I'll start off here with a disclaimer: not every chain/mass email is a malware spreading missive of misinformation, or yet another piece of scammer spam. Some truly are amusing, inspirational, or even informative. I've received things that have made me laugh out loud, moved me to tears, or been worthy of sending on in turn to other potentially interested parties. But like just about everything else on the intarwebs, the noise to signal ratio is high, and gems among the junk are far and few between.

A few months ago, I received yet another chain email from a friend who seems to do little with her inbox other than forward the daily contents to everyone in her address book. We've all got one: that friend or relative who happily shares every junk item they receive, apparently with the belief that someone, somewhere, will find it of some value, or perhaps with the fear that they really will get run over by a transit bus if they don't forward Oprah's Secrets For Success to at least seven people. Filtering my nearest and dearest straight into the spam folder isn't a viable option, and requests to be excluded from future mass mailings seem to be the one type of email that never gets through, so I usually just hit [delete] and move on.

However, this email was not only utter garbage, it was utterly outdated garbage. If you're going to send me crap, at least make an effort to send current crap. This time, I was compelled to compose and send a thorough reply.

Either $Friend ignored my reply or never saw it (I'd bet the latter; it probably got buried in a pile of Acai Berries), because the very next morning I received several more spam servings from her. With a little luck, she at least stayed true to form and forwarded my email to everyone in her address book. In case she didn't, and for the benefit of the few people left on the planet who aren't in her address book, I am posting an "open letter" version of my reply here. Hopefully it will resonate with many...and actually sink in with a few.

Dear Friend,

You know I love you dearly, but you need to not be forwarding this kind of stuff. I'm not even sure you DID forward it on purpose; this sort of spam often is spewed out by an infected computer behind the scenes without the owner even knowing it is happening. Hubby got the same email from you, and when he opened it, it suddenly copied itself all over his inbox - viral red flag behavior for sure. Girl, we want to see you SAFE, online and off. We can't do much about the latter, but we do the former for a living as best we can, for anyone and everyone (un)lucky enough to get on our radar. So, here goes:

1) "THIS TOOK TWO PAGES OF THE TUESDAY USA TODAY - IT IS FOR REAL"

No, it's not. It never was, never has been, and never will be. Honestly, just about every time I see something that blares out in all capital letters "IT IS FOR REAL", that's a dead giveaway it's NOT. And the more "!!!!" that follows said blaring, the more fake it generally is. That it was supposedly real in USA TODAY is the final capper. C'mon - when was the last time anything in USA TODAY was for real?? ;-P

2) "SORRY EVERYBODY.. JUST HAD TO TAKE THE CHANCE!!! I'm an attorney"

All tacky lawyer jokes aside, no self respecting attorney would be forwarding junk chain-email. Unless they're A) really bored and doing it for a joke or, B) their infected computer is doing it for them behind their back. Oh, and notice it's ALL CAPITAL LETTERS and has 3 "!!!" after it. DING DING DING - THAT'S A FAIL!!!

3) "Bill Gates sharing his fortune."

No, he's not. Bill Gates won't even share his fortune with his own kids, from what I hear. Oh, and FYI, Big Bill retired from Microsoft over a year ago - that IS a fact.

4) "It's all marketing expense to him."

No, but somewhere along the line it's probably "marketing" *income* to the yellow bellied pondscum sucking mouthbreathing spammer(s) who *start* these kinds of things, and who obfuscate themselves so that they're nearly impossible to trace. You are not "bound to get at least $10, 000.00". All you are bound to get, eventually, is bounce back notices from friends whose email inboxes have filled to capacity from viral emails like these. Or whose computers have crashed all together.

5) "Please forward this to as many people as possible." <-- **DANGER WILL ROBINSON, DANGER** If there's one written phrase in the English language that'll make me immediately smack the delete button, it's that. Well, that and hearing from some Nigerian banker that an Uncle I never knew I had just got killed in a plane crash and left me $5,000,000. All I have to do to claim it is send Mr. Noobiscam my bank account information and contact his lawyer perrymason@hotmail.com. Um, yeah. I'll get right on that. IMPORTANT (yeah, I know, all caps. So contact the "attorney" who sent this and sue me. ;-)): just how many email addresses are now attached to this sucker anyhow...? To: (MASSIVE EMAIL LIST WITH MULTIPLE FORWARDS - note: in my original note, I copied in roughly a half a page of email addresses, and that was less than half the email addresses in the multiple forwards)

That isn't even all of them, I was just making a point. Guess what? At best, that's how many more times this junk mail has circulated, and how many more people have to pick through it. At worst, that's how many computers are now infected if you've unwittingly forwarded a chain email that contains a link to a "driveby download" website, or worse, an embedded malicious payload. And no, badware doesn't have to come in an attachment anymore. It can be stuck right into the body of an email, if that email contains code or scripts that will run when the message opened.

Girlfriend, if I didn't care, I wouldn't have taken the time to write such a lengthy reply. Please, update the antivirus on your computer and do a scan NOW. And please, please, please, do not forward these sort of emails, and don't answer them. It's entirely possible the person you got it from didn't even send it on purpose. If they did, there *is* one email you can forward on to them - this one.

Give yourself, your husband, and the kids hugs from me and hubby, and if *they're* forwarding junk chain emails, whack them with a keyboard for me. 'kay?

Your sis,

-Peg


So, in closing, if you must forward, forward with some forethought, and not just for the sake of forwarding (and I promise, if you DO get run over by a transit bus, it won't have anything to do with bad email juju...unless you've been forwarding mass quantities of spam to a distribution list of bus drivers). If you take the time to weed out the junk and share only the gems, they're far likelier to actually be read, and even appreciated, by the recipient(s). Don't spread the spam. Think about it: do you stuff all the credit card offers, pizza coupons, and real estate flyers you get in your mailbox into an envelope and mail the whole mess off to your best friend, or your mom?

Oh, and if you get an unexpected email exhorting you to "CLICK HERE" in large red letters - like I just did - just don't.

Don't forward it, either. ;-)