All the Perl that's Practical to Extract and Report

Spam Predictions

Matts on 2004-12-20T15:46:02

On Friday I sent an email to our PR agency regarding some predictions for 2005. In it I said the following:

The 419 scammers will become more targeted, collecting more details about the recipients they send to and customising mails appropriately. They have the manpower to do this due to their use of cheap labour, and the customised messages will make people more likely to respond to them. This is a case where google may work against you - if your email address can be found in google it is likely that a spammer can find out more details about you.
And today I got the following 419 in my inbox:
From: support@promoagency7564.org Subject: Urgent letter to Sergeant Matt Date: 20 December 2004 02:01:08 GMT To: msergeant@startechgroup.co.uk Reply-To: customerservices@joburgpromotions.com

Good day . Sergeant Matt Address : 9 Yarrow CloseGloucester Gloucestershire GL4 6SR - UK E-mail address: msergeant@startechgroup.co.uk

From the desk of Jessica Khumalo Joburg Bright water Foundation. www.joburgpromotions.com customerservices@joburgpromotions.com

Re: Contact Mr. John West Immediately

My name is Jessicca Khumalo , from Bright water foundation Johannesburg. ....
The interesting thing is that there are no web pages out there linking that email address to my home address (well, I guess there's one now!). So they must be googling for the full name. That sure is a lot of effort to go to!

Spam predictions overrun by events

dws on 2004-12-20T17:08:21

I've just started getting spam that uses some sort of Markov chain to assemble jibberish. I wasn't aware of spam filters that use any kind of Markov analysis to defeat spammers, so either I'm behind or the spammers are getting a leg up.

Re:Spam predictions overrun by events

TeeJay on 2004-12-20T17:10:54

Yes I have been getting this for a while.

Fortunately markov chains are so far used in subjects I already know to avoid, and if they start using markov chains in the subjects I can spot and delete them as easily.

yes, this is all by hand - about 400 mails a day (after trivial filters, list filters, etc)

Its from your DNS contact details

TeeJay on 2004-12-20T17:08:35

I got this same mail last night - hardly customised - it got your surname and firstname in the wrong order.

The only place it could have got my address from was DNS records. I assume you have your address in some DNS records somewhere too.

I guess they just munge each domain, looking for email and post addresses.. ick.

Re:Its from your DNS contact details

Matts on 2004-12-20T19:03:55

No, whois was my first thought but that's not the case.

Note that all the details can be found separately, but they *do* require google searching to put them together.

The Same Mail... on 12/30/2004

Amilkar on 2005-01-01T09:17:50

I'm from Mexico and the same mail was sended to my the 12/30/2004. So, this is a SPAM MAIL ??

What I Have to do?? does any body call to their telephone numbers ?

P.D. All my name and all my entire address was in the email and and I'm in the whois of networksolutions.com too.

(Happy New Year).

AMILKAR CALLES

----------------
Letter to Amilcar Calles Arriaga
Address: *****

From the desk of Jessica Khumalo
Joburg Bright water Foundation.
No 547 Krius drive,North Gate Johannesburg ,

Re: Contact Mr. Charles Morgan immediately !

My name is Jessicca Khumalo , from Bright water
foundation Johannesburg.