Just saw a post over at The Consumerist about a spammer that forgot to supply data for their mail-merge:
I got this spam recently. Looks like our spammer forgot to fill out his form fields! “Whatsup My parents are from #CSVFIELD(3)# too! Are you 100% sure you wish to get rid of this #CSVFIELD(2)#?” I love how vague and modular it is, it’s like spam madlibs!
We see this all the time and didn’t think to mention it. Sometimes we forget how jaded we are about this stuff.
The message above exemplifies two very common spam phenomena:
- The spammer that hasn’t figured out how to work the software yet.
- The ever-popular fake Craigslist response.
The Lame Spammer
First, “our spammer” is probably new to the field and has just recently decided to supplement their pan-handling income with a career in spam. Unfortunately, the really accomplished spammers write software to automate parts of their spam operation and then make it available (usually for a nominal fee) to spam “script kiddies”. This makes it feasible for unskilled spammers to take advantage of opportunities in the growing field of unsolicited marketing (a.k.a. spam).
Usually it takes a while for these future spam moguls to get the hang of sending out a usable campaign. What we see while they’re figuring it out are epic fails like the one posted on Consumerist. How embarrassing.
The saddest thing about this is that a lot of these spammers are probably recruited by other spammers, which, now that we think about it, probably accounts for their willingness to believe that others will fall for their pathetically fake appeals.
Selling something means you want to buy something, right?
Second, the example above represents a semi-sneaky approach to getting you to click a link due to your interest in selling something on Craigslist (and possibly other classified ad sites). Here the spammer is appealing to your tribal instinct by trying to appear to have something in common with you as well as giving the impression that they read your ad.
This proves the spammer has access to another software tool that they probably didn’t write. In this case, the software “scrapes” data from a publicly available source like a classified ad and merges it into a spam campaign. This is mildly slick when it works, but even then it’s still pretty easy to block unless it comes with some additional, much slicker obfuscation.
Unfortunately, unless you have a good spam blocker (shameless plug alert) like OnlyMyEmail, this type of thing is pretty much impossible to avoid while getting any benefit from the ad. The best we can suggest is to use a disposable email address when posting on sites like Craigslist.
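The unfilled tokens in the Consumerist message are themselves a filterable signal. As an added example (not OnlyMyEmail's filter and not code from this post), the Python function below decodes every text part of a message before looking for leftover merge tokens, so the check still works when the body is base64-encoded. The `{{name}}` and `[[name]]` token forms, the function names and the sample messages are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_string, policy

# Token syntax from the quoted spam: #CSVFIELD(3)#
# The {{name}} and [[name]] forms are an assumed generalization, not from the page.
UNFILLED = re.compile(r"#CSVFIELD\(\d+\)#|\{\{\s*\w+\s*\}\}|\[\[\s*\w+\s*\]\]")


def find_unfilled_tokens(raw_message):
    """Return (location, token) pairs for merge tokens left in a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = [("subject", t) for t in UNFILLED.findall(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        try:
            # get_content() undoes base64/quoted-printable and the charset,
            # so a token cannot hide behind the transfer encoding.
            text = part.get_content()
        except LookupError:
            continue  # unknown charset: nothing readable to scan
        hits += [("body", t) for t in UNFILLED.findall(text)]
    return hits


def build_sample(subject, body):
    """Constructed test message with a base64-encoded text/plain body."""
    encoded = base64.b64encode(body.encode("utf-8")).decode("ascii")
    return (
        "From: sender@example.com\nTo: seller@example.com\n"
        f"Subject: {subject}\nMIME-Version: 1.0\n"
        "Content-Type: text/plain; charset=utf-8\n"
        f"Content-Transfer-Encoding: base64\n\n{encoded}\n"
    )


# Constructed samples: the body text quoted in the post, and an ordinary reply.
SPAM = build_sample(
    "Re: your ad",
    "Whatsup My parents are from #CSVFIELD(3)# too! "
    "Are you 100% sure you wish to get rid of this #CSVFIELD(2)#?",
)
HAM = build_sample("Re: your ad", "Is the bike still available? I can pick it up Saturday.")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        print(name, find_unfilled_tokens(raw))
```

A campaign whose fields were filled in correctly leaves nothing for this check to find, so it only catches the failed merges described above.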
Finally, thanks to The Consumerist for reminding us about this issue.
Tags: botnet, craigslist, mail-merge


