K-Squared Ramblings

Double Meanings

A pair of spam subjects that recently came across the spam traps:

Looking to become a published author?

Give her climax after climax

Hmm, that sounds like writing advice when you take them together.

Spam or Not? Trick Question!

I try to hit Spam or Not a couple of times a week, since it helps train the MSRBL-Images blacklist. Tonight I came up against an image that seemed oddly appropriate:

I had to wonder if it was a trick question…

BlogExplosion Starting to Recover

It looks like the campaign to reclaim BlogExplosion is working! The efforts to bury the forum spam have brought new members into the site, and earlier this week a new administrator appeared on the forums, banning over 55 accounts used by spammers and deleting 13,000 spam posts. This morning, the banner approval I’ve been waiting for since August finally went through.

Things are looking up!

Let your fingers do the shushing

We’ve been getting more spam phone calls than usual the last couple of days, to the point where cursing out the recorded messages is actually getting a little boring. So it was almost a relief to pick up today and hear, “Hello, this is the Yellow Pages calling to update your free listing.” To me, Yellow Pages = White Pages, and we did indeed move last year, so this sounded quite normal and permissible. The caller went on. “We show the name of the business as Kelson Vibber, at [right number, wrong city and zip]. Is that correct, ma’am?”

Even though she pronounced “Vibber” correctly, I immediately had warning bells. Business? Since when did we become a business? And where did they get the address? It’s not like we use it for selling anything except eBay items, and we use the right address for that. “It’s…not…[wrong city],” I said, trying to decide what to do. I don’t recall whether she asked what it was, but I know what I said next. “I can’t give you the corrected information. The person who can isn’t in right now.”

“Well, when will that be possible, because we need it by 5 pm today.”

I didn’t think of it then, but there was a good reason my hackles went even further up at that: classic phish/scam technique of creating artificial pressure to give out data. Why the hell would a legit business wait until the last minute to try to get this info? “He won’t be available before then.”

“Well, I’ll try to call back, but you might not get your listing.”

Seeing as I couldn’t find a listing for us in any likely category of either the AT&T Yellow Pages or their local “companion” directory, and we’re not even in the online white pages under any address, this doesn’t seem like a very substantial threat. Listing us with an incorrect address isn’t going to make much difference to anyone. Not to mention the part where, hello, we’re not a business.

The good: the caller didn’t announce that the call might be recorded, and in any case I don’t recall answering “yes” to anything. Also, if they call back, I’m going to ask what we’re supposedly listed under, just to see if they say “auto insurance” or something bogus like that. The bad: actual businesses might fall for a scam worded like this. And if it’s a scam, who’s to say they weren’t recording the call anyway? I’m very glad I didn’t actually say any of the real address. The ugly: “Yellow Pages” and the walking-finger logo have apparently never been copyrighted, so there’s no way to hang scammers using that tactic. And people have reported being scammed by the Online Yellow Pages and receiving bogus bills for services they never asked for, subsequent to calls very much like this.

Moral of the story: beware of anonymous callers who can pronounce “Vibber.” (OTOH, if someone reading this is from the Yellow Pages and can verify that this is indeed your general and customary business practice, by all means let us know. And then point someone in management here, so they can see that their customers think their practices suck.)

Line Items for 2008-11-19: Docs and Cheese

• Latest spam trend: Word docs in Chinese. No clue what they are – I’m not going to open them! Also: Make Money Fast seminars…in Shanghai. #
• Making a list of my allergies. And I keep thinking I’m missing something. #
• I still find it amusing that http://caminobrowser.org/ focuses on a picture of the browser showing the Wikipedia entry for Cheese. #

Powered by Twitter Tools.

Line Items for 2008-11-18: Nofollow

• Sad: I disabled nofollow on my blog because it doesn’t solve the problem. Now comment spammers are trading lists of “do follow” sites. #

Powered by Twitter Tools.

Line Items for 2008-11-13: Picard’s Pills

• just got spam from “Patrick Stewart” for body-part enlargement. Reminded of that one SNL sketch with the cake shop. #
• Downside to linking blog with Twitter: When Twitter goes down, the blog’s admin area is veeeeeerrrrrrrryyyyyyy ssssssllllllloooooooooowwwwww #

Powered by Twitter Tools.

Line Items for 2008-11-07: Spelling, WPA2, Jokes

• Fall in SoCal = checking the weather report daily to decide between shorts or a heavy jacket. #
• I keep seeing pill spam with sensational election-related subjects. Oddly they can spell Obama correctly, but consistently write “McCane” #
• OK, chicken-and-road jokes are old hat, but this set using (mostly political) celebrities is new to me http://tinyurl.com/5jh33k #
• Time to upgrade your wireless network security to WPA2: http://tinyurl.com/6rn2lk #wifi #security #

Powered by Twitter Tools.

Stimulate your what?

We’ve been testing Baraccuda’s new BRBL spam block list at work. This involves flagging but not actually blocking messages, then me looking through the logs for potential false positives. I’ve found several, including the Star Wars Fan Club (I subscribed myself just to verify that it was really sent by a server at lucas-online.info) and a senator’s mailing list.

There’s also a lot of definite spam, and a lot of stuff that I just can’t tell. It’s marketing, certainly, but I have no idea whether the particular users actually subscribed or not.

Anyway, this subject showed up several times on the list:

Stimulate your bottom line with Microsoft Financing and the 2008 Economic Stimulus Act

Naturally, when I first skimmed the list only the first three words were visible.

Still Snickering

A couple of messages recently fell into the spamtraps with the subject, “Someone sent you Snickers Candy,” offering lots of free candy and exhorting, “Don’t resist temptation! Sign-up now to get started.”

One of the throwaway addresses used? dietsthatwork2008 (dot) com.

Obviously, that one doesn’t!

EV SSL Buzzword Used for Phishing

One of the great ironies of phishing is that, these days, identity theft via the web tends to work by preying on people’s fear of identity theft. It doesn’t help that most people don’t really understand the technology. The typical phishing message looks something like this:

Dear so-and-so. In order for us to protect your account from identity theft, we need you to give us all the critical information that we already have. Otherwise, your account will be locked.

These typically use actual bank logos and link to a website that imitates the bank’s real site as closely as possible. The days of “Pease entr yore acccccount infomation hear KTHXBYE” are long gone.

But the one I saw in the spamtraps today was just astonishing in its brazen use of buzzwords to add authenticity:

Dear Wilmington Trust Banking Member,

Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website.

First we have the scare tactic (always ironic in a “there are treacherous people about” sense). Throwing in EV SSL certificates makes it seem a bit more authoritative, since it’s something a lot of companies have started doing, and people may have heard about it in the news.

The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company’s site.

It has been introduced to protect our clients against phishing and other online fraudulent activities. Since most Internet related crimes rely on false identity, WTDirect went through a rigorous validation process that meets the Extended Validation guidelines.

And here they talk about EV certs and how much safer they’ll make your account!

Please Update your account to the new EV SSL certification by Clicking here.

And here’s where they demonstrate that they figure the typical mark doesn’t actually have a clue what EV SSL certificates are. Various real businesses have converted from standard SSL to Extended Validation SSL, and the users didn’t have to do a thing.

Now, you might need to upgrade your web browser or switch to one that will show you a green bar (Firefox 3, IE7, Opera 9, etc.), but you’d still be able to access your account even if you didn’t. Unless the site started blocking other browsers like PayPal briefly discussed back in April. Even then, there would still be nothing that would require you to log into your account and make a change.

Anyway, let’s continue:

Please enter your User ID and Password and then click Go.

This one’s presumably a simple phish, just obtaining login credentials to give the thief access to the account through the web.

(Failure to verify account details correctly will lead to account suspension)

And of course the implied threat: Do this or you won’t be able to get at your money. Again, a typical phishing tactic.

On a side note: My favorite spam topic of the last week is “Refinance your ARM today.”. Yeah, I know what ARM stands for, but I keep imagining Cyborg, or perhaps the Six Million-Dollar Man, trying to refi a loan that covers the gadgets in his arm.

Spam Filters Gone Wild: This Is True

Waaay back in the dark ages of the Web (somewhere between 1994 and 1997) I discovered a weekly email newsletter called “This Is True.” It collected strange-but-true news stories from around the world, summarizing each in a short paragraph with a witty one-liner at the end. I subscribed to the free edition, and later to the full version, which had about twice as many stories. I even picked up a few of the books collecting past stories (at a con, I think, but I can’t remember which con).

Eventually I got too busy to read them, and the back-issues piled up unread, and I decided to let my subscription lapse. But earlier this year, I decided to re-up with the shorter, free version, and it’s still as good as ever.

This week’s issue included a disappointing story: even though they practice — in fact, probably helped originate — responsible list management, Yahoo is blocking them as spammers. Why? Because people are signing up for the list, then deciding they don’t want it anymore, and instead of unsubscribing, hitting the “Report as Spam” button. Yahoo has apparently taken those spam reports at face value, and blocked everyone’s copy of the newsletter.

Clearly, some people are unclear on what “spam” means. It’s not just “mail I don’t want.” It’s “mass mail I don’t want and didn’t ask for.”

That, and I’m sure some people don’t realize that their reports are being used to train everyone’s filters. I remember a co-worker explaining a few years ago that he’d trained Gmail to send the SourceForge newsletters (or something similar) straight into his spam folder. I commented that they might be using that data to train their sitewide filters, and he said something like, “I hope not.”

Using user feedback to train sitewide or network-wide (such as Cloudmark, or Akismet) filters is a powerful technique. Some people will catch the leading edge of a spam attack, and that data can be used to protect others as the attack continues. Some will check their mail sooner, and that data can be used to re-filter messages that have been received, but not yet viewed.

Unfortunately, it also can give a lot of power to people who are either unclear on the criteria being used or have an axe to grind, unless you include measures to (a) contain the impact or (b) keep track of each reporter’s reliability. I know Cloudmark factors in the reporter’s reputation, for instance. And I suspect that AOL does, at least in some cases, limit measures such as blocking to specific recipients, but I can’t be certain.

Anyway, to summarize:

• Use the Report Spam button responsibly.  If you actually subscribed to it, it isn’t spam unless they refuse to remove you from the list.
• Check out This is True.  You may laugh, you may groan, you may think, or you may get pissed off at the world — or all of the above.  It’s certainly worth a look.

(I really should have finished writing this yesterday, before someone submitted the original story to Slashdot. Posting about it to get the word out seems kind of redundant now. Heck, now that I think about it, I should have submitted the original to Slashdot. Oh, well.

Now I want to know how I compare!

Subject found in my spam folder today:

Realistic Extra Income for the Average kelson

Really? Now I just have to know what income the average Kelson makes! More or less than the average Joe? And on what percentile do I fall?

Free Gas with your Spam List!

Wow… you know gas is expensive when the spammers start hawking gas cards.

Our support contact address received a message touting “Finest List of Nurses Including Email Addresses – Free $50 Gas Card” I had to wonder what the heck it was, so I took a look at the message. They were trying to sell “sales leads” — i.e. names and contact information — of nurses, and were offering to throw in the gas card if you spent enough on “leads” to do your own spamming.

Weirdest Spam Yet

I’ve seen some pretty weird spam in my time, both as an email user and an email admin. My favorite is still the request to purchase a Dimensional Warp Generator. But this one, which showed up in the spamtraps a few days ago, has got to be pretty close.

Old Witchcraft Secrets – make your wildest dreams come true
Read the rest of this entry »