agente Posted October 18, 2011 Posted October 18, 2011 I have received a couple of "picture spam" messages lately. The message just says something like look at the attached picture. When the picture is opened, it shows the spam message. The picture is a JPG file and is an attachment to the junk email. I saved the JPG file and did a virus scan on the JPG image and my anti-virus found no infection. I could not figure out how to forward the JPG and from reading this forum, it does not seem possible using Spamcop. If I use the Spamcop email forwarding method and then preview the spam report, the image turns into a block of code. After a little research, I discovered www.free-ocr.com. I went to that website and uploaded the spam JPG and it did a nearly perfect job of converting the spam JPG image to text. In the comments section of the Spamcop report, I added my comments and pasted the converted text of the JPG. Here is what I said: This message contains a JPG image file. That image contains the spam. I have converted the image using www.free-ocr.com website. Here is a copy of the spam inside the JPG: A Professional Ofï¬ce Environment for Lawyers S CORPORATE & BUSINESS LAW, COMPLEX LITIGATION, IP& GOVERNMENTAFFAIRS 57- 60 Lincoln's Inn Fields, London WC2A 3LJ UK. TEL: +44 702 409 9148, FAX;+44 121210 0239 Attn: I have contacted you to assist in distributing the money left behind by my client before it is conï¬scated or declared unserviceable by the bank where this deposit valued at GBP 48,350,000.00 (Forty Eight Million, Three Hundred And Fifty Thousand Great British Pounds Sterling). This bank.... and so on..to the end of the spam JPG message. By the way, this message was sent from an [at]att.com account. Spamcop sent the spam report to [at]att.com. The body of the message asks that the recipient reply to a [at]gmail.com account. Clicking the Reply button creates a reply to that same [at]gmailcom account. So I also forwarded the full original message with the JPG attachment (unconverted) to abuse[at]gmail.com.
SpamCopAdmin Posted October 18, 2011 Posted October 18, 2011 Please don't alter the spam email by converting the image to text. Submit it in the raw just as you received it and let SpamCop do its thing. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - .
Farelf Posted October 18, 2011 Posted October 18, 2011 Hi agente, Quite a few people like to do a little extra in dealing with the 419 "Nigerian" scams - which is an activity quite separate to SC reporting though SC tools may be helpful in getting reporting addresses, etc.. SC reports, as Don has reminded, use only the original data (see Material Changes to spam) and don't really affect those rascals, even when the message is in plain text. Complaining to the service provider for the 'drop box' is a useful further step in these cases. Here is Marjolein's banspam page for 419s - http://banspam.javawoman.com/report3/scam1.html There are other groups dedicated to taking on (and baiting) 419-ers - not something for the faint-hearted, nor is it generally recommended since the average Joe could easily get themselves into trouble with these people who, you must assume and better believe, are desperate criminals. Do be extra careful with links and attachments in spam in general and in this stuff in particular (adding that mostly for the benefit of others reading the topic - you may know what you're doing, others maybe less so). P.S. The Lincoln's Inn Fields address is of course just "window dressing" - I am certain the legitimate occupiers of those premises would have nothing at all to do with this matter (and are uncommonly capable of defending their reputation should anyone suggest otherwise).
turetzsr Posted October 18, 2011 Posted October 18, 2011 <snip> Quite a few people like to do a little extra in dealing with the 419 "Nigerian" scams - which is an activity quite separate to SC reporting though SC tools may be helpful in getting reporting addresses, etc.. <snip> ...FWIW, what I do is to report via SpamCop and include nonregistered[at]coldrain.net, reportphishing[at]antiphishing.org and spam[at]uce.gov as recipients (using SpamCop reporting's Reporting preferences | Public standard report recipients capability). I also send my own e-mail to the abuse address (referencing the result from http://www.abuse.net/lookup.phtml) of the reply-to domain, pointing them to http://forum.spamcop.net/scwik/Nigerian419...nceFeeFraudScam (not that any of them look at this) requesting that they take action against the reply-to address for 419 fraud and, if relevant, phishing.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.