A Brief History of Everything Wireless

How Invisible Waves Have Changed the World

Earlier entries Show latest

Author's Blog

Fighting Internet Spam

2019-08-06 [Petri]

When you control several domains for your various Internet activities, it is common to set up a “catch-all” email handler: mails sent to [whateveraddress]@yourdomain.com are collected into a single trash email inbox, where they are separate from your valid correspondence and easy to junk in bulk.

The benefit of such a scheme is that you can create a new address out of thin air for every occasion that requires you to give an email destination for whatever purpose: for "competition.com" you just create competition@yourdomain.com. Any mail sent to that address will reach you, while your real email stays untouched. And if "competition.com" starts sending you too much crap, it is easy to automate the elimination of all messages sent to this address. You will never see them again.

The flipside of this is that a lot of email spamming today is random or semi-random (e.g. common first name or surname lists) and thus based on blind targeting: they send their pitch en masse with the hope that out of the thousands of emails, at least one finds its way into a valid email inbox.

A catch-all works as expected, and catches a lot of such mail.

This kind of mass-spamming is the cheapest option, but naturally with a very low hit rate amongst less-geeky part of the online population: those of us with catch-alls are all too familiar with this and can steer away from such postings.

What helps immensely is to set your email reader to show not only the sender but also the addressed recipient of the email: hence it is easy to filter out randomly generated [whateveraddresses] and simply junk them forever.

More advanced spammers buy the email lists that have been hacked and are available on the dark net: in their cases, it helps that often these lists also have cracked passwords. So it is easy to claim “we know your password, user X, it is Y. So what we claim next is true”. In this case, the receiving email address is also a valid one in the majority of cases.

With money you can therefore buy a much better hit rate for your Spam, as you will have “real” hits.

Naturally the most copious generators of Internet trash may use both of the above mentioned avenues of searching gullible targets that may fall for their story.

The actual content is often emails from "ladies looking for love", or from “FBI” or “CIA” or the “United Nations” offering a “misplaced payment” that somehow belongs to you: a couple of millions will be dropped at your doorstep if you only pay a small “handling fee”.

Funnily enough, the return addresses for initiating correspondence are to places like South Korea or Croatia, not “.gov” addresses in the US or “un.org” for the United Nations: an obvious proof of the invalidity of the whole message.

Most notably, if they just need a “small handling fee”, why not take it off of the millions of “my money” they already have? I'd be happy to just receive a receipt that cut the payment down to 6,999,500 dollars from the original 7,000,000. Simply include the receipt in the same delivery package with the dosh, please?

As usual, if an offer that drops in your inbox out of the blue looks too good to be true, it most likely is, and you should press the delete button and move on. Do NOT click on any of the images or links in the message: nothing good will ever come from that.

Another recent one is a “bank representative” who is willing to cut a deal over some “money the owner of which they have tried to search for months without success”. So he chose you as a random bloke to get the bounty, but only if you are willing to cut a reasonable sum of it for him. This is a clear invitation to join an international fraud scheme, which most likely would eventually pay you a visit from the FBI or CIA in real life, in case it was a valid proposal.

Which it never is, so don't fall into this either.

And then there are the poorly-written Nigerian princes and other African government officials that attempt to get you to help in their private money laundering activities. You would expect them to have gotten a grammar checker or a writer who successfully finished the second grade at school by now, but nope...

Here's a simple checklist for fighting the Internet Spam:

Is the mail actually sent to your real address, or some catch-all?

What is the sender's address? CIA does not use Gmail.

What is the return address? Don't be fooled by the visible ones, move mouse over the return address link (but do NOT click on it) and see what the browser shows as the true underlying address: it is usually shown at the lower part of the screen. Again, any valid organization uses their own domain, not a generic Hotmail or somesuch.

Hovering the mouse over any links in the message will identically reveal the TRUE link embedded in the email: if you get a valid-looking email from your bank, but the link points at "johnsbarbershop42.com", that should tell you all you need to know about the validity of the message.

Think of the big picture: if the storyline is too good to be true, it usually is. Why would somebody single you out for such an offer? Do you really have distant relatives in faraway countries that would have left a "considerable inheritance" for you?

If the suggestion inclines towards illegal, walk away.

And if an official claiming to represent a valid organization can't even spell, that's an obvious no-no. Difficult languages offer extra protection against Spam: I've yet to see a single attempt in Finnish that is written by using sensible sentences. Google Translator is NOT the spammers' friend...

If they threat you with some personally sensitive material, is there ANY indication that such material really exists?

More of a major recent scam in this category in a future blog entry.

If they use a password as a further "proof" of some kind of security breach, is that an active one, or something you used a long time ago?

The online scammers are constantly trying to invent new ways to fool you to pay or reveal you passwords. Even if you could possibly envision a condition that the messages claim, the above mentioned steps are your first line of defense against the seemingly endless stream of rubbish.

Permalink: https://bhoew.com/blog/en/91

Show latest Earlier entries

Spam comes in all shapes and languages these days [tesatool0/Pixabay]

You can purchase A Brief History of Everything Wireless: How Invisible Waves Have Changed the World from Springer or from Amazon US, CA, UK, BR, DE, ES, FR, IT, AU, IN, JP. For a more complete list of verified on-line bookstores by country, please click here.

Earlier entries:


You can purchase A Brief History of Everything Wireless: How Invisible Waves Have Changed the World from Springer or from Amazon US, CA, UK, BR, DE, ES, FR, IT, AU, IN, JP. For a more complete list of verified on-line bookstores by country, please click here.

PRIVACY STATEMENT AND CONTACT INFORMATION: we don't collect anything about your visits to this website: we think that your online history belongs to you alone. However, our blog comment section is managed by Disqus. Please read their privacy statement via this link. To contact the author directly, please costruct an email address from his first name and the name of this website. All product names, logos and brands are property of their respective owners and are used on this website for identification purposes only. © 2018 Petri Launiainen.