
SANS ISC: The Sad Reality of Spam/Phishing Attempts - Internet Security | DShield SANS ISC InfoSec Forums


The Sad Reality of Spam/Phishing Attempts

Just for grins, I opened my spam folder on a gmail account I have and thought I'd take a look at what was in there since I hadn't looked lately.  By the way, my spam folder is one of my first sources of new malware for those who ask quite regularly where they can find malware to analyze.  In the last 30 days, I have approximately 707 spam emails, which averages to about 24 pieces of spam a day.  I can find topics such as:

"Please i need your assistance"

and

"YOUR EMAIL HAS WON $500,000.00 USD"

to the more malware malicious ones (complete with attachments) such as:

"Kindly open the attachment"

or

"You have 1 unread Message!"

and those that ask me for my data like:

"Fill & Return For Claims"

or

"Fraud Alert!!!"

This doesn't even include the ones where I can buy drugs, save my visa card from being canceled, update my password before it expires, open a greeting card from someone I don't know, etc. I even found one in there from a friend's email address so they are either compromised or their email address is being used (yes, I'll tell them and ask them to check their system). 

One would think from looking at the scam names used above; the misspellings and bad grammar in most of the emails; the amount of publicity on the topic of spam/phishing attempts, etc. that they would not work.  However, the sad reality is that spam/phishing is so rampant because it does work.  We are seeing again first hand the efforts to capitalize on the Tsunami disaster that Bojan wrote about in the diary entry isc.sans.edu/diary/Tsunami+in+Japan+and+self+modifying+RogueAV+code/10543.  Antivirus vendors are reporting that on average spam makes up over 80% of email traffic.  That is a significant amount of email that is spam (no wonder my spam folder is so full) and just by shear numbers, it is going to work.  Many organizations at work have email gateways to filter out the miscreants, but at the same time, many do not block web-based email accounts, which defeats the whole purpose of having an email gateway.

According to what I have been able to research (I didn't even have a computer then to know anything about it), the first spam email was sent on May 1st, 1978.  It was sent by a DEC marketing representative to every ARPANET address.  Spam in one form or another has been increasing ever since then and really picking up steam in the 90s.  One would think that with the passage of that much time, we would have been able to educate people how not to fall prey to such events.

I still think education of the user is key and sadly SPAM/Phishing attempts have become part of the "normal" noise on the internet.  As sad as this is, there is one bright note: at least with my daily dose of spam, I'll be able to have all the fresh malware I can analyze.

Lorna

165 Posts
ISC Handler
In this day and age, we should actually expect spam to work despite spelling and grammatical errors. The age of texting and twitter has led to a general intrusion of poor spelling and grammar into other written communications. Despite educational systems that teach the mechanics of grammar and spelling, the focus has shifted to test scores rather than an understanding of the importance of the rules of language.

Moving beyond that, the increasingly global reach of business, education, and personal interests that are facilitated by the Internet has further led to a general acceptance by many that the communicating party may not be working in their primary language. Outsourcing of service centers to offshore sites has conditioned many to expect poorly written, yet legitimate communications from persons who are communicating in a secondary language.

With the increased acceptance of grammar and spelling errors in normal legitimate communications, why are we surprised when poorly written spam deceives?
Alan

57 Posts
Interesting thoughts about it and I understand where you are going. However, I guess I have a hard time wrapping my head around the concept that in "professional" correspondence (as most of these spam/phishing attempts are purporting to be) misspellings and bad grammer would be considered acceptable and would not have been screened out by QA. However, I can see your side as well that the misspellings and bad grammer have become the "norm" so no one thinks anything when they see it. The whole thing just makes me shake my head as I try to figure out how we make it less effective/profitable. Thanks for the thoughts, Alan!
Lorna

165 Posts
ISC Handler
When I see misspellings and very poor sentence construction, I automatically imagine the person typing to be less-educated, and below average mentally. That's just the way it comes across to me, and probably to a lot of people. Non-English speakers type differently, and you can pick that up very easily.
Shawn

29 Posts
Then again... Even Lorna misused the word "shear" instead of "sheer" in her diary entry; even the best of us are sometimes caught by the dreaded damnyouautocorrect syndrome, or just misuse a word... You'd be surprised at the average reading level of even supposedly computer-literate users. Most don't even pick up on the grammatical or spelling errors.
Henry

3 Posts
Good catch, Henry, and I read that diary more than once :) Also goes to show that you should never proof your own work. However, in the case of business-related correspondence (especially large companies), I would expect that it would go through a quality assurance process to make sure those inaccurate use cases or misspellings are removed before being released. So, I don't expect to see improper grammar or misspellings in these documents. I only expect to see that in suspect business emails such as those used in spam/phishing attempts.
Lorna

165 Posts
ISC Handler
With regards to quality assurance, this too has fallen by the wayside as cost cutting measures slash budgets for QA, editorial review, and other non-revenue generating cost centers. One need look no further than the slowly dying media called newspapers to see how far editorial review has fallen.

PS, I had to laugh when Lorna responded to my prior post with "... misspellings and bad grammer...". I've been equally guilty of similar posts in the past. Which brings up another point: blogs and forums often involve casual discussion, regardless of the fact that highly detailed and technical topics may be the subject of discussion. This is yet another area where "professional" discussion often demonstrates a lower standard regarding spelling and grammar. Again, this would indicate an increasing acceptance of the disregard for the rules of language.
Alan

57 Posts
I don't think anyone would accept these:
"So, we do not take the risk of accepting such payment; this is incase of any possible demurrage."
"We taught that your sender "NNPC and Texaco"
gave you our contact details. The content of your package is a Bank Draft worth of $500,000.00 USD"

Not even on my birthday, if I was drunk would I believe this email.
Jasey

93 Posts
