Wednesday, November 08, 2006

SPAM, Scam, or Phish? - that is the question.

Today I received the email below. I'm not sure whether it was a Phish attempt (my first guess), some sort of scam or just plain old SPAM.

The email is questionable because:

  • I'm not concagirl so the message that I received wasn't "to" me -- a clear sign that things aren't as they seem
  • I don't have an account at AMSouth
  • The body of the message doesn't mention me by name or with any personal information about me -- clearly a generic letter sent to many people -- another sign of badness
  • AMSouth (or any other bank) will never send an email asking you to confirm user details through some link.
  • The message was an image rather than text. Banks don't normally send text messages as an image -- the image model is used by scammers because it's harder to have efficient SPAM detection of image-based messages (especially since they can change the image ever so slightly, which means the SPAM detection won't work while the change doesn't change how it looks to the user)
  • The entire image had a link on it (so, as you move the mouse over the text, the pointer stays with the pointing finger (meaning there's a link there) even though the message doesn't look like a link).
  • After the image there was a large white area that appeared to be blank. However, when you used the mouse to select the area, the hidden text below shows up:
    Please! coney dally Swallowing hurt. Like an idol, she gave only one thing: a feeling of unease deepening steadily toward terror. This time he tried looking out the window, where fresh snow was falling. Because I can, and it's not something to apologize for, goddammit. Never you. "Well, I guess it was something like that. Ten minutes later she came in with the syringe, the Betadine, and the electric knife. The limited vista now opening before him wag extremely unpleasant: six weeks of life which he would spend suffering with his broken bones and renewing his acquaintance with Misery Chastain, n?e Carmichael, followed by a hasty interment in the back yard. annual
    This is just random garbage added to the message in an attempt to bypass the SPAM recognition filters. Given that this message did get to my AOL account (which does have quite good SPAM recognition filters), it seems that they succeeded.
  • Interestingly, the link on the page did not go to a phishing site (which I had assumed it would). It went to what looks like one of those typical domain-for-sale pages (thesherri.info). Perhaps they were a phish site that was already shut down.
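
The signs listed above can be checked mechanically. The following scanner is an added example, not part of the original post; it assumes a single-part HTML message that hides text by matching the font colour to the body background, and the sample message, addresses and indicator names are constructed.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser

# Constructed sample modelled on the message described above (not the real email).
SAMPLE = """\
To: someoneelse@mail.example
Content-Type: text/html

<html><body bgcolor="#ffffff">
<a href="http://link.example/confirm"><img src="http://img.example/letter.gif"></a>
<font color="#ffffff">Please! coney dally Swallowing hurt.</font></body></html>
"""

class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.bg, self.stack = "#ffffff", []  # page background; open <a>/<font> tags
        self.count = {"images": 0, "linked": 0, "visible": 0, "hidden": 0}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body":
            self.bg = (a.get("bgcolor") or self.bg).lower()
        elif tag in ("a", "font"):
            self.stack.append((tag, (a.get("color") or "").lower()))
        elif tag == "img":
            self.count["images"] += 1
            self.count["linked"] += any(t == "a" for t, _ in self.stack)

    def handle_endtag(self, tag):
        if tag in ("a", "font") and self.stack:
            self.stack.pop()

    def handle_data(self, data):  # count words; text in the background colour is hidden
        key = "hidden" if any(c == self.bg for _, c in self.stack) else "visible"
        self.count[key] += len(data.split())

def indicators(raw, my_address):
    msg = message_from_string(raw)
    scan = BodyScan()
    scan.feed(msg.get_payload())  # assumption: body is one HTML part
    to = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    checks = [
        ("not-addressed-to-recipient", my_address.lower() not in to),
        ("image-only-body", scan.count["images"] > 0 and scan.count["visible"] == 0),
        ("image-wrapped-in-link", scan.count["linked"] > 0),
        ("text-in-background-colour", scan.count["hidden"] > 0),
    ]
    return [name for name, hit in checks if hit]
```

Calling `indicators(SAMPLE, "me@mail.example")` returns all four indicator names for the constructed sample; an ordinary text message addressed to the recipient returns an empty list.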
