Every once in a while I get a spam message that just makes me stop and shake my head, astounded both at the stupidity of spammers, and the gullibility of the victims who fall for this crap. I got a spam message the other day that was properly identified and flagged as spam, but I have to wonder how many end users would have seen this and thought to themselves…
“OMG! I can’t let my account be deleted! I must click on that link immediately to save my PayPal!” Have a look at this message and tell me how long it took for you to identify it as spam.
Subject: Your PayPal Account Well be Deleted
If you’re a regular reader of this blog, I’m betting less than two seconds. I love how they signed it “The Team”. The PayPal logo looks close, and they did that just using HTML to set the format and colors Not too bad there. They obviously took the time to play around with fonts and colors rather than just downloading the real logo complete with the little TM, but hey, A for effort there. Of course, that they didn’t spend 30 seconds running this thing through a spell checker is probably the saving grace for many of us.
The rest of the message is interesting enough. They sent it from a server that is not on a blacklist, yet. They set the reply to address to match the domain they are actually sending from, and that server actually passes the SPF record check as an allowed sender. It wasn’t a soft fail.
So to most spam filters that haven’t tripped to the fact that this is a phishing message by looking at the content, this message would sail past. Only a well-developed and healthy sense of paranoia, coupled with a grammar nazi’s nose for poor spelling allowed me to spot this instantly. Did you?
Civilization will be doomed on the day that most spammers actually take the time to spell check their messages, or run them past a native speaker of the target language. This message would actually get past most filters. I know I cannot always find Waldo in those pictures, and not everyone who reads this blog has English as their first language, so here’s a hint. Look at the subject line.
The truly ironic thing is that if you were to analyze the HTML of this message, the link to what is undoubtedly a phishing site (but I am not following it, just in case it’s hosting malware!) has a typo in it that would render it unreachable if you just clicked on it. The site it should redirect to is under a Brazilian domain, but the webserver is hosted by a company based in Houston, Texas, US.
If you have friends or family who fall victim to phishing attacks, show them the picture above, review with them how to look at a message and see whether or not it is spam, and them perhaps point them to our series on talking about spam. The holiday season is just around the corner, and you can be sure we’ll see a rise in both spam and phishing messages starting pretty much any day now. We’ll cover the most egregious offenders here, but the best thing you can do for the non-techies in your life is to raise awareness now.