If I Was a Spammer…

My Dear,

In all your humble awareness, this is best understood by also playing the song If I Had a Million Dollars by the Barenaked Ladies at the same time. Now that you have done that, understand that I contact you only because my government has locked me inside our national brewery and I cannot get all this fine ale out of my country without your considered support. Please respond to this message by providing your personal information, bank and credit card numbers, and a large bag of very salty pretzels.

Yours insobriety,

Mr. Jamie Campbell

All righty, then. I suppose that my first – and last – attempt at composing a spam letter exposes me for the fraud that I am. But what if I was serious about this strange thing called spam? What if, God forbid, I got smart about the whole matter and adopted a scientific approach in implementing a targeted spam campaign? It’s a dangerous thought, but it did occur to me recently that if spammers had some brain cells to rub together, they might spark a fire far worse than the ones we’re already trying to douse. With that thought process in place, I began thinking about how I would approach spam. Here are the results.

Please note: The following activities were imagined by a trained professional. Do not try this at home. By the way, it really does read better if you play If I Had a Million Dollars.

…I’d Hire Writers with English Degrees
I love Google Translation, but not for translating War and Peace from its native Russian. Spam emails read like a synthesis of Revolution Number Nine by the Beatles and the collective works of Dr. Seuss, if those works were co-written by Jack Kerouac. Don’t get me wrong: I love the Beatles, Dr. Seuss and Kerouac, but I don’t experience them all at one time, any more than I dump my dinner in a blender and drink it. So for my first considered action, I would hire writers trained in English. Even if they were bad writers, they couldn’t be worse than the ones currently crafting spam emails, and I use the word ‘crafting’ lightly.

…I’d Pay Attention to the PC Market
Everyone knows that smartphones, tablets and web appliances have set their sights and taken bites out of the traditional PC market for some time now; but last week, news from the financial world seemed to set the pace for the future of computing, when the giants of the tech world announced their quarterly results. Intel shaved its projections for PC sales and Microsoft’s results for sales of Windows fell short for a third straight quarter. All the while, Apple happily announced that it has moved a whopping nine million iPads. “The desktop, at least for consumers, probably doesn’t have a great future, and the iPad and similar tablets can deliver a lot of the functionality of a laptop,” an analyst stated in an article by Reuters.

The face of technology is changing rapidly, and adapting to the new paradigm is a necessity for wannabe spammers. We’re already seeing a shift, as evidenced by an increase in SMS spam, and the successful spammers are going to be the ones who figure out how to utilize all facets of devices in a thoughtful and coordinated manner.

…I’d Integrate My Attacks
Spam is like spaghetti (spamghetti?) – it gets thrown against a wall and sometimes it sticks. In fact, it’s mind-boggling how poorly-contrived most spam campaigns appear to be. But what if the spam was personalized? We’re already seeing it, as evidenced by Cisco SIO’s 2011 report entitled “Email Attacks: This Time It’s Personal.” The real opportunity is not only to identify individuals and personalize spam messages, but also to implement integrated, multi-tier attacks.

People are creatures of habit and tend to lower their guard when approached three or more times. For example, I’d send them a personalized email to begin with, but I’d also call and ask for them by name, explaining the opportunity; and then, for good measure, I’d send them an SMS message following up on the call. Y’know, build up the trust before I take them for everything.

…I Wouldn’t be Spamming Anymore
I wouldn’t be calling them myself. Heck, I wouldn’t even be sending spam emails. I’d have people doing it for me. And I’d already have my private island, fifty foot yacht, exotic pet collection, and like the song says, really expensive ketchup for my Kraft Dinner.

Written by Malcolm James

0 Comments

  1. Tim Brown · July 27, 2011

    I hope no spammers read your blogs for ideas!

    Especially concerning the shift away from the PC market, I remember reading a report about how much more difficult it was for a person to recognize a spoofed website on a mobile browser. Sure, tablets offer a lot of the functionality of a desktop, but often without the intense levels of diagnostics and security. So absolutely, I would be looking at that ballooning market, and probably salivating while doing so.

  2. William Lowe · July 28, 2011

    Spam and the mobile market is going to be a huge problem. I reckon that a well written spam email has a greater chance of being actioned on a mobile than on a desktop. Fake websites are harder to spot on mobile devices and tablet (as Tim Brown says) and users could be tricked into revealing details they shouldn’t.

    Having said that, my general policy is that if I get a email which seems in any way suspicious ( because it is unsolicited or if it is spoofed and doesn’t quite fit with the character of the sender) then I always deal with it on my desktop and not on my iPad.

  3. Joseph Clay · July 30, 2011

    I do appreciate your sense of humor but I think you are too intelligent to become a spammer. :) Otherwise, the hints you give are useful for everybody because we need to be on the watchout for all the new tricks, such as personalization and targeting mobile devices.

  4. Jamie Campbell · August 1, 2011

    Hey Tim, I hope they don’t read them either, because I doubt they have a sense of humor! It’s a brave new world, isn’t it? I got my first Android phone last week (moved on from the iPhone), and the first thing I noticed was just how open everything is. I’ve gotten the requisite firewall and antivirus software, but I can’t shake how this new opportunity is going to line the spammers’ pockets.

  5. Jamie Campbell · August 1, 2011

    Great advice, William, and I agree. One of the things about mobile devices is that they’re mobile (well, duh, right?), meaning that people are on the move when they read their email. IMHO, people on the move tend not to be as cautious as, say, when they’re at home in front of their computer. Besides, now that so many devices are permeating our d2d use, we have to be aware that different devices handle threats differently and that the wolf in sheep’s clothing comes in many different forms.

Leave A Reply