Jump to content

JPG Picture spam


Recommended Posts

I have received a couple of "picture spam" messages lately. The message just says something like look at the attached picture. When the picture is opened, it shows the spam message. The picture is a JPG file and is an attachment to the junk email. I saved the JPG file and did a virus scan on the JPG image and my anti-virus found no infection. I could not figure out how to forward the JPG and from reading this forum, it does not seem possible using Spamcop. If I use the Spamcop email forwarding method and then preview the spam report, the image turns into a block of code. After a little research, I discovered www.free-ocr.com. I went to that website and uploaded the spam JPG and it did a nearly perfect job of converting the spam JPG image to text. In the comments section of the Spamcop report, I added my comments and pasted the converted text of the JPG. Here is what I said:

This message contains a JPG image file. That image contains the spam. I have converted the image using www.free-ocr.com website. Here is a copy of the spam inside the JPG:

A Professional Ofï¬ce Environment for Lawyers S



57- 60 Lincoln's Inn Fields, London WC2A 3LJ UK.

TEL: +44 702 409 9148,

FAX;+44 121210 0239


I have contacted you to assist in distributing the money left behind by my client before it is

conï¬scated or declared unserviceable by the bank where this deposit valued at GBP

48,350,000.00 (Forty Eight Million, Three Hundred And Fifty Thousand Great British

Pounds Sterling). This bank....

and so on..to the end of the spam JPG message.

By the way, this message was sent from an [at]att.com account. Spamcop sent the spam report to [at]att.com. The body of the message asks that the recipient reply to a [at]gmail.com account. Clicking the Reply button creates a reply to that same [at]gmailcom account. So I also forwarded the full original message with the JPG attachment (unconverted) to abuse[at]gmail.com.

Link to comment
Share on other sites

Hi agente,

Quite a few people like to do a little extra in dealing with the 419 "Nigerian" scams - which is an activity quite separate to SC reporting though SC tools may be helpful in getting reporting addresses, etc.. SC reports, as Don has reminded, use only the original data (see Material Changes to spam) and don't really affect those rascals, even when the message is in plain text. Complaining to the service provider for the 'drop box' is a useful further step in these cases.

Here is Marjolein's banspam page for 419s - http://banspam.javawoman.com/report3/scam1.html

There are other groups dedicated to taking on (and baiting) 419-ers - not something for the faint-hearted, nor is it generally recommended since the average Joe could easily get themselves into trouble with these people who, you must assume and better believe, are desperate criminals.

Do be extra careful with links and attachments in spam in general and in this stuff in particular (adding that mostly for the benefit of others reading the topic - you may know what you're doing, others maybe less so).

P.S. The Lincoln's Inn Fields address is of course just "window dressing" - I am certain the legitimate occupiers of those premises would have nothing at all to do with this matter (and are uncommonly capable of defending their reputation should anyone suggest otherwise).

Link to comment
Share on other sites


Quite a few people like to do a little extra in dealing with the 419 "Nigerian" scams - which is an activity quite separate to SC reporting though SC tools may be helpful in getting reporting addresses, etc..


...FWIW, what I do is to report via SpamCop and include nonregistered[at]coldrain.net, reportphishing[at]antiphishing.org and spam[at]uce.gov as recipients (using SpamCop reporting's Reporting preferences | Public standard report recipients capability). I also send my own e-mail to the abuse address (referencing the result from http://www.abuse.net/lookup.phtml) of the reply-to domain, pointing them to http://forum.spamcop.net/scwik/Nigerian419...nceFeeFraudScam (not that any of them look at this) requesting that they take action against the reply-to address for 419 fraud and, if relevant, phishing.
Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...