Email Spammers Are Smarter Than You Think

I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it.

Mainstream advertisers and business in general, could take away some valuable lessons from the methods used by spammers to achieve maximum market penetration.

A case in point:

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily Spam going to my long established accounts.

Generally, the Spam aimed at the older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in. After all, how many “male enhancement” products, vitamin pills, or fake watches does a person really need?

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration. These emails are often designed to trick me into revealing financial information that can then be used to steal my money.

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not? In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience.

The following graphic illustrates just how pervasive this type of phishing Spam can be in a new email account inbox. Click on the graphic for a larger view.

Looking closely at just one of these fraudulent emails, it’s easy to see problems with the construction of the message. This misconstruction should always be a tipoff something is wrong.

“Dear B a n k (the spacing in this word is off) of America member,

Bank of America ask (missing letter “s”) you kindly to take part in our quick and easy question survey (missing punctuation – no period).

In return we will credit $50.00 to your account. Just for your time!

– In order to help us please spare two minutes of yout (misspelled word – should read “your”) time and take part in our survey.

– To contiunue (misspelled word – should read “continue”) please click on the link below:

http://sitekey.bankofamerica.com.survey.departament.djwjggh5.net/srv/survey.htm?id=5984 (a questionable site based on the URL) – The following graphic illustrates how FireFox handles this type of site – in this case based on my personal security preferences.

Thank you for your time!

B a n k of America Survey Department.

© 2001-2009 B a n k of America. All rights reserved”.

Clicking on the link (assuming my Browser had not warned me), would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

It’s possible, my financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent email who could then have used this information to commit identity and financial theft.

If you are a relatively new Internet user the following are the minimum safety precautions (familiar to regular readers), you should take:

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.