
Wednesday, September 27, 2017

Is a lot of spam our own damn faults?

I got an unsolicited sales inquiry from a major company the other day.  Each day, 10 to 20 junk emails make it through our spam filter.  Usually, I can delete them after only a second or two, but this one sounded like I might already have a business relationship with them.  I don't want to risk insulting a customer or vendor, so I responded, asking what it was about.  The salesman was honest; he said that he thought somebody with my title would be interested.  I wasn't.  Not even close.

I've been on the Internet since it became easy to get on it.  When did it become acceptable to send blind solicitations?  When did the word "spam" come to mean only Nigerian princes and phishing schemes?  It used to be only desperate, borderline ethical, fly-by-night companies that sent junk email.  Now it's Box, Oracle, Microsoft, hell, I'm pretty sure my own employer does it!  Why have mainstream companies sunk so low as to send solicitations based on title?

Think back (if you're old enough) 20 years.  There were trade magazines that you could get "for free".  All you had to do is fill out a sheet that indicated in fair detail what your interests were, what industry you worked in, and the kinds of products over which you have purchase influence.  Vendors got very precisely-targeted lists, and we all knew that we would be getting solicitations.  We valued the magazine, so we didn't resent the ads.  Heck, although I don't remember specifically, I suspect I responded positively to one or two solicitations; the advertiser got their money's worth and I got a product that I wanted.

Those magazines don't exist any more, or at least not in my field.  We've all stopped reading the paper versions and instead look to the web for the information we're interested in.  We subscribe to blogs, podcasts, Slashdot, LinkedIn groups, and any number of other curated content providers.  But the Internet evolved from an early non-commercial birth.  Early adopters resented the commercialization of the Internet, and refused to give information about themselves.  We create throw-away email addresses to subscribe.  We want to remain anonymous.  So the information curators never established the model of "you tell me about yourself for marketing purposes, and I'll give you information you want."  Some companies tried to get that going, but the internet "culture" prevented it from catching on.

So guess what?  I and my fellow-junk-email-haters are suffering from the unintended consequences of our own behavior.  Vendors no longer have precisely-targeted lists available to them.  So they substitute quantity for quality; send a million emails, and you're sure to find some prospects.  It's the new normal.

Idealists like me want a total paradigm change.  We want unsolicited advertisements to go away completely.  Back in the day, if I knew I wanted a C compiler, what did I do?  Open the yellow pages?  Sorry, no entries in the Yellow Pages for C compilers.  No, I *depended* on those trade magazines' advertisers to give me access to vendors of C compilers.  But now that search engines exist, we can do away with outgoing advertisements.  Instead of push marketing, go with pull marketing.  If I want a C compiler, I won't open my "junk" folder to find an unsolicited ad, I'll do a web search.  And this model *does* work!  We put some useful information on our web site, and attracted more than one customer who came for that information and stayed for our product.

And yet, the realist in me knows that human nature is what it is.  Research has proven again and again that advertising works.  I suspect modern email campaigns generate a lot of "unsubscribe me" responses, some of which may be less than polite, but I also suspect that they generate at least some interest.  Cast a wide-enough net and you'll catch some fish.

So if I have an emotional response to junk mail that is out of proportion to its actual cost to me, that's my problem, not the advertisers'.  I guess I need to get over it.

Monday, May 15, 2017

WannaCrypt / WannaCry ransomware

I'm not a security researcher, and I don't follow the subject very closely.  But here is an interesting read by the person who slowed the spread of the recent WannaCrypt / WannaCry ransomware outbreak.

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Sunday, April 30, 2017

Fraudulent spam email claiming to be Netflix

I got a phishing email.  So what?  I get lots of phishing emails.  Why blog about this one?

Well, it's at least a *little* different.

Most of them direct the victim to an existing web site which has been compromised.  I.e. the web site's real owner has no idea that his own site is being used for fraudulent purposes.

In this one, the victim is directed to the domain name "netflix-myaccount.com", which the scammer obtained properly.  Unfortunately, the scammer wasn't stupid enough to include his own contact information in the registry, instead choosing to hide behind privacyprotect.org.

Now there's nothing wrong with using privacyprotect.org to hide one's identity.  If anything, it removed any doubt in my mind (as if there were any) that the page isn't owned by Netflix.  So it reinforced that it is a phishing site.  I sent a complaint email to privacyprotect.org anyway.

Next up, the domain registry: ilovewww.com.  Never heard of them.  Malaysian.  Sent them a complaint email too to suspend the registration.

Next, the IP address that netflix-myaccount.com resolves to: 80.82.67.155.  A whois lookup shows the block is owned by Quasi Networks LTD.  Abuse email to it as well.

Now to another nice site: phishcheck.me, a site that evaluates how likely a site is to be fraudulent.  It actually goes to the site and analyzes it.  So I went there and plugged in "http://netflix-myaccount.com", and sure enough, it says that it is probably a phishing site (no surprise there).  But on that phishcheck.me page is a tab named "resources", which shows details of the access to the site ... and well lookie there, "netflix-myaccount.com" redirects to "netflix-secureserver.com".  Which resolves to the same IP as "netflix-myaccount.com", and is registered in the same ways (ilovewww.com and privacyprotect.org).  So what's the point in that?  Oh well, another set of complaint emails for the new domain name.

Finally, let's see if it is a compromised web site.  I would like to see what other domain names resolve to the same IP address.  Unfortunately, this appears not to be an exact science.  The few sites there are that claim to do this find *no* domains resolving to that IP.  However, a simple google search for "80.82.67.155" (*with* the double quotes) does find the names "netflix-myaccount.com" and a new one: "www.useraccountvalidation-apple.com".

Yep.  Another phishing site, leveraging Apple instead of Netflix.  Let's do the drill, starting with whois.  WHOA!!!  Did we hit paydirt?

Registrant Contact
Name: Jamie Wilson
Organization:
Mailing Address: 22 Madisson Road, London London SE12 8DH GB
Phone: +44.07873394485
Ext:
Fax:
Fax Ext:
Email:uktradergb@gmail.com

Now, don't be too hasty.  The *real* registrant is a scammer.  What are the chances he would list his own real contact info?  The only thing that might be valid is the email address, since I think he needs that to fully set up the domain, and even then it might have been a single-use throwaway.

Hmm ... not totally throw-away.  A google of "uktradergb@gmail.com" has 6 hits, including "netflix-iduser1.com" and "netflix-iduser2.com", both of which have Jamie as the registrant, but neither of which resolve to valid IP addresses.  So not sure there's anything actionable (i.e. complainable) there.

But just in case, I googled the phone number, and found this additional hit: "AppleId1-Cgi.com", which doesn't appear to resolve to a valid IP.

Well, much as I hate to, let's skate over to "domaintools.com", which wants my money in a bad way.  It tells me that uktradergb@gmail.com is associated with ~38 domains, but of course won't tell me what any of them are without paying them $99.  And even though I would love to send complaints regarding all 38, I wouldn't love it $99 worth.

Ok, one more thing.  http://domainbigdata.com/gmail.com/mj/LX7iN6iKwKFIRfkD7CsKXQ says that the owner of that email address is Adam Stormont, and that the email is associated with a few other sites (but not 37), including "hmrc-refundvalidation.com", which doesn't resolve to an IP.  And by the way, a whois of another uktradergb@gmail.com domain, "hni-4.com", says that the registrant is David Hassleman.  So yeah, ignore the Jamie Wilson contact.  He wasn't that stupid.  :-)

And now I've run out of gas.  Maybe those domain names will be disabled in the next few days.  Or maybe I've just wasted a half hour of my life.  (Well, I've learned a few things, so not totally wasted.)
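The pivoting done by hand above (shared IP, shared registrant email, shared phone number) can be written down as a small clustering routine. This is an added example, not part of the original post: the observations are transcribed from the post, "unrelated.example" is a constructed control, and the function names are hypothetical.

```python
from collections import defaultdict

# Observations transcribed from the post. A missing "ip" means the post reports
# no resolving address. "unrelated.example" is a constructed control domain.
OBSERVATIONS = {
    "netflix-myaccount.com": {"ip": "80.82.67.155", "privacy": "privacyprotect.org"},
    "netflix-secureserver.com": {"ip": "80.82.67.155", "privacy": "privacyprotect.org"},
    "www.useraccountvalidation-apple.com": {  # found by searching for the IP
        "ip": "80.82.67.155", "email": "uktradergb@gmail.com",
        "phone": "+44.07873394485"},
    "netflix-iduser1.com": {"email": "uktradergb@gmail.com"},
    "netflix-iduser2.com": {"email": "uktradergb@gmail.com"},
    "AppleId1-Cgi.com": {"phone": "+44.07873394485"},
    "hmrc-refundvalidation.com": {"email": "uktradergb@gmail.com"},
    "hni-4.com": {"email": "uktradergb@gmail.com"},
    "unrelated.example": {"privacy": "privacyprotect.org"},
}

# Link only on indicators that are rarely shared by unrelated parties. A privacy
# service (or registrar) is used by many legitimate domains and would over-link.
STRONG_KEYS = ("ip", "email", "phone")

def cluster(observations, keys=STRONG_KEYS):
    """Union-find over domains: any shared indicator value joins two domains."""
    parent = {d: d for d in observations}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (key, value) -> first domain carrying that indicator
    for domain, attrs in observations.items():
        for key in keys:
            value = attrs.get(key)
            if value is None:
                continue
            indicator = (key, value.lower())
            if indicator in first_seen:
                parent[find(domain)] = find(first_seen[indicator])
            else:
                first_seen[indicator] = domain

    groups = defaultdict(set)
    for domain in observations:
        groups[find(domain)].add(domain)
    return sorted(groups.values(), key=len, reverse=True)

def actionable(observations, group):
    """Domains in a cluster that resolve, i.e. have a hosting provider to notify."""
    return sorted(d for d in group if observations[d].get("ip"))
```

Running cluster(OBSERVATIONS) puts all eight domains from the post in one group and leaves the control alone; adding "privacy" to the keys wrongly pulls the control in as well.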