Dispatches From The Front Lines ...
A Lure to Disaster
Posted on December 07, 2017 at 03:10 PM

It's a common pattern from evil senders, but one that will certainly trick lots of recipients into clicking the link in the message:

From: admin@supportbtc.com
Subject: CONGRATS, You're ALL SETUP!

Hi there,

Thank you for becoming a loyal
member of our group.

We have a very important gift for you:

==>> Click here to download it right now

Be sure to keep this for yourself,
as it's priceless, and we don't want
it in the wrong hands.

Take care

Some recipients, who think they're smart and tech-savvy, might equate the easily forged From: address domain with Bitcoin. They'd be wrong, of course, but the mistake gets the juices flowing with the idea that this "group" somehow wants to download some Bitcoin to your computer. It's priceless!

To the truly smart person, however, this message stinks to high heaven:

  1. You are not addressed by name in any way
  2. You didn't apply to join this group (which you can't identify)
  3. The group doesn't identify itself by name
  4. The link goes to a URL signifying connection with Bolivia

The link's site (I'm intentionally not revealing it for your safety) is so toxic, my virus protection software won't even allow a visit there. But if you were to manage to get through, the download would certainly be malware or worse (e.g., ransomware).

Bad Old Spam Days
Posted on November 29, 2017 at 11:00 AM

Anyone who follows this blog knows I completely detest any kind of fakery, lying, and deceit. Olde tyme spammers used those tactics with abandon. Unfortunately, the CAN-SPAM law in the U.S. did not do nearly enough to get bad actors out of our inboxes, especially when the sources are outside the U.S.

I received the following message today, which seems to be a throwback to days gone by, when spammers didn't care about their branding or honesty because their goal was simply to get something of value from recipients without them even noticing it.

SUBJECT: Requesting Your Approval

DivTECH LLC wants to send you emails, but we need your permission before we do so.

We value your time and privacy, and will only be sending information that is relevant to your work. Messages could be in the form of promotions, updates, white papers and other awesome content.

However, we understand if you do not want to receive such emails. If this is the case, simply click on the blue "Opt Out" below, and we'll make sure that your email address is taken off the list.

Thank you for your time!

The information contained in this message is confidential. If you have received this message in error, please delete it or Opt Out if you no longer wish to receive my emails.

If needed, you can reach us at DivTECH LLC, 181 Union St., South Weymouth, MA, United States, 02190. For my records, I show your contact information as: [removed]@dannyg.com.

If this message had been framed according to the Subject: line and first line of text, I would take it to mean that they are simply asking me to confirm if I wanted to receive their messages, and doing nothing would stop it. But, as you see, the actual mechanism is the opposite. If I don't "Opt Out", I'll continue receiving their messages. BUT, the link of the Opt Out button leads to a completely different domain created just a couple of weeks ago. I have no idea where that opt out request ultimately goes. But I know it will confirm my address as being valid, ripe for additional spamming by untold hordes of spammers who rent the list of verified addresses.

I believe the mailer may have hijacked the DivTECH LLC identity as a cover for the mailing. The company does (or did) exist, and has a Facebook page that hasn't been touched since 2014. The link winds its way to a Canadian-owned domain (supposedly).

In any case, lots of recipients of this message will click on the link in the hope that they'll be opted out of this mailing. Nothing could be further from the truth.