• Please review our updated Terms and Rules here

Spam asking for your personal data - what's the purpose?

P

Pepinno

Veteran Member
Joined
Apr 16, 2007
Messages
625
Location
Barcelona
So, let's see if I can finally learn what is the purpose of this type of spam:

spamn.png


I mean, they ask their gullible victims to answer back giving their full names and address.

So, apart from building a database of gullible people, what else can the spammer achieve with such data, and how would that be lessening to the gullible victim's financial interests?
 
Pepinno said:
So, apart from building a database of gullible people, what else can the spammer achieve with such data, and how would that be lessening to the gullible victim's financial interests?
Click to expand...

I'd be interested to hear what others suggest, but a database of gullible people would be quite useful for some purposes don't you think? :) My guess is that another use for this is to confirm that the bot has hit a working e-mail address. Put those two together and you've got a pure gold list. I bet if you answer, you'll hear from someone again - but it might not look related.

Just for fun, I always look at the header on these things. The "reply-to" field is sometimes quite funny.
 
Social engineering, phishing, call it what you want. They will try to get whatever info they can from you, and they will try to puzzle it together with other sources if possible.
With the data gathered they will do all of the following:
*) sell the data to others (spammers, marketeers, criminals)
*) try to scan money from you
*) try to scam money from people you know by pretending to be you
*) try to sell you stuff

not necessarily in any order.
 
Yeah typically it would end up with more fraudulent messages coming to you either email or snailmail trying to acquire additional information. The other trick is they can tie your name and location to your email address as well as verify your email address is currently active and correct. From there you could have some tools crawl common social networking sites for your name, location, email/alias and pick up more than most folks would realize. I mean with minimal effort they could send you a fake document with an outdated picture of yourself and require some sort of action or filing fee and see who bites.

I agree though, stupid stuff out there and it's always kinda interesting if it's targeted or random. I've had two separate instances where at a gas station a truck drives up and asks if I wanted to buy some really cheap speakers, etc. All I had to do was go with them and help move them (or for free or whatever). Anyway, had a friend already tell me about that scam and really it's just that the set they were going to sell/give you isn't there but some other similar/generic crap is there for a higher price hence the scam. I was curious what motivation they had to come up to me specifically or if they just try anyone that looks like they can haul stuff or what. I'm not always the most approachable person if you don't know me so was kinda interesting to think about.
 
Ole Juul said:
Just for fun, I always look at the header on these things. The "reply-to" field is sometimes quite funny.
Click to expand...

These are the headers:

spamheaders.png


The Reply-To address is info_homeland001@zing.vn, and it seems the spam was sent through AOL smtp servers authenticating with the credentials of AOL user gfoxx3699@aol.com, which may be either stolen credentials or a throw-away account created just for the purpose of sending this spam. As the spam originated from inside of AOL infrastructure, the SPF checks in the receiving end succeeded, as did the Domain-Keys checks and also the RDBL (Real-time DNS Black List) checks, so the email got through into my "war-account" jsmith at Terra.es (which implies Terra.es does not do content filtering, and only does the above said anti-spam checks).

Now, what rTLD is ".vn"... google time... Vietnam!! Good luck bringing this scam to the Vietnamese Police, hahahaha.
 
More than likely, a phishing attempt. The site the links lead to may look very similar to to the real government site. And once they get your personal information, they can do whatever they want with it. Worst case: steal your identity.
 
I remember one very funny, some guy from Albania sent me this:

"I'm in a very good business, if you lend me 100$ I will surely return 20.000$ in two weeks, It's a very good opportunity, the problem is that I don't have any money to invest..."

I only could think in what kind of people expect to win money like that? maybe a two years kid....Nah, a two years kid is much smarter than this guy.
 
This thread would not be complete without the obligatory spam with payload attached, you click it and someone owns your PC from his control-and-command spot, together with thousand other PCs in a nice bot swarm...

spam3p.png


Utterly lovable try at troyanizing my PC, me thinks. :D
 

Attachments

  • spam3p.jpg
    spam3p.jpg
    17.9 KB · Views: 1
Weirdly enough, (and not to give false hope to any n00bs reading this), sometimes deals that look too good to be true are real, at least in RL. A few months ago, I received, via snailmail, a letter from a lawyer in Fla, informing me that my brother (currently enjoying the hospitality of the Great State of Michigan for 10 - 16) was owed some $800 & change by St. of Fla, and that for a small fee (about .333%) he would be happy to collect it for me, if I provided him with a signed, notarized Power of Attorney. I investigated and discovered that Ken was indeed owed that amount from a past Income Tax return that never found it's way to him. "Well," I thought, "if the lawyer can collect it in my name, why can't I collect it myself and keep all the dough?" It turns out that I could, and the money will come in real handy, soon as the check arrives.

Just a lil FWIW... (Course, I still never trust anything I find on the I-net).

--T
 
I check my spam messages once and a while but I admit I don't freak out about making sure I'm not missing something legit as much as I used to. Yahoo and gmail have some pretty good spam filtering with the occasional item passing through (usually to a mailing list) but I do see more false positives than missed spam these days which is interesting. Not quite sure what technology has become better, whether it's real time black listing of IPs that have been tagged as spammers, content filtering rules or what.

I used to have my work mail get filtered through a freebsd box at my desk running spamassassin which was pretty good once you customize it. Course back then I also used to go through the trouble of reading mail headers (when I had the free time or felt spunky) and reporting the offending IP to their ISP too.

But general stuff like "did I expect this?" sorta logic and does it have any real information that would make sense vs is this just a generic "spear phishing" attempt with generalized and no factual/specific information given seem to apply well.
 
Terry Yager said:
Weirdly enough, (and not to give false hope to any n00bs reading this), sometimes deals that look too good to be true are real, at least in RL. A few months ago, I received, via snailmail, a letter from a lawyer in Fla, informing me that my brother (currently enjoying the hospitality of the Great State of Michigan for 10 - 16) was owed some $800 & change by St. of Fla, (...) "Well," I thought, "if the lawyer can collect it in my name, why can't I collect it myself and keep all the dough?" It turns out that I could, and the money will come in real handy, soon as the check arrives.
Click to expand...

So, your are getting your brother's money, and keeping it for you?
 
Pepinno said:
Ahhhh, you don't appreciate art. Artsy spam is best spam.
Click to expand...
+1

Bang on. I get a lot of e-mail in a number of accounts but for some reason I rarely get any spam, so it's a treat when I get a little surprise once in a while. I save the ones that have some real style - good or bad.
 
You must log in or register to reply here.
Back
Top