Jump to content

i've had (and reported) a couple of legit looking spam mails with my surname in the message body!!!


deviantchild
 Share

Recommended Posts

recently i've had two mails that i've reported through spamcop that look semi legit

each has had the subject "Your Recent Stay at The Gateway Hotel Fatehabad Road Agra" and each has addressed me by my surname, prefixed with "Mr." in the message body

there appears to be no obfuscation, and all reports ( for the most recent of the two) went to abuseATnetmagicsolutionsDOTcom and abuseATnetmagiciansDOTcom

a quick google for "net magic solutions" returns results for an indian company - something to do with mail security solutions, so they say

although the hotmail address that these emails were sent to is comprised of my forename and surname joined (butted up against each other), my account settings do not state my gender or the two names individually, simply initials

sure, a human could discern the two names and create the division in order to address me by my surname, but does this now mean there are more advanced methods of creating spam now?

or does this mean that somebody with my address had their system compromised? or hotmail itself got hacked? - although that still doesn't explain how the mail was created from my ambiguous account details

i reported both anyway, since i haven't subscribed to anything, given out my details or stayed in said hotel - although i have been to agra a long time ago when i was travelling, but that was a couple of years before i was even on the web :)

Link to comment
Share on other sites

recently i've had two mails that i've reported through spamcop that look semi legit

An awful lot of words used to describe something that a Tracking URL would display fully/

although the hotmail address that these emails were sent to is comprised of my forename and surname joined (butted up against each other), my account settings do not state my gender or the two names individually, simply initials

A bit confusing .. you start with 'full name' but then change it to 'initials' .... ?????

Gender selection .... ignoring the above comment, the spammer had a 50 - 50 chance of being correct.

sure, a human could discern the two names and create the division in order to address me by my surname, but does this now mean there are more advanced methods of creating spam now?

or does this mean that somebody with my address had their system compromised? or hotmail itself got hacked? - although that still doesn't explain how the mail was created from my ambiguous account details

Know not why folks keep wanting someone here to explain the lunacy involved in the spamming arts.

Link to comment
Share on other sites

recently i've had two mails that i've reported through spamcop that look semi legit

each has had the subject "Your Recent Stay at The Gateway Hotel Fatehabad Road Agra" and each has addressed me by my surname, prefixed with "Mr." in the message body

Sometimes people might get your name out of the "nickname" field that often appears next to the e-mail address (e.g., "John Q. Smith" <jsmith[at]something.foo>). Do your messages show such a nickname when people receive them?

-- rick

Link to comment
Share on other sites

An awful lot of words used to describe something that a Tracking URL would display fully/

i didn't supply a tracking url because i couldn't see how to retrieve it from the "past reports" section. i'm only used to seeing it listed immediately after each individual report is sent, and i decided to post here only after pondering upon it after i had completed a series of reports, of which it was only one

if you can inform me how i can retrieve it at this later stage i will gladly supply it

A bit confusing .. you start with 'full name' but then change it to 'initials' .... ?????

not really. if you read carefully you will see that at first i refer to the "address" being comprised of two full names then later refer to the "account settings" [within hotmail itself - in the control panel, as you would have here] as only referring to me by initial

this should also answer rconner's query: i have no nick, just the same two initials

Gender selection .... ignoring the above comment, the spammer had a 50 - 50 chance of being correct.

agreed, but i was mentioning it more in the context of how genuine the mails had seemed and how it seemed add a touch more weight to the possibility that somebody's system had been compromised, where they had filled their address book with my missing details

not particularly important and i'd rather steer focus away from this scenario

Know not why folks keep wanting someone here to explain the lunacy involved in the spamming arts.

of course i'm not after spam motivation analysis - i'm far too web-versed and scum weary for that

many joe-folks are told, as a pre-emptive precaution, to look for things such as making sure you are being addressed by name in a mail to at least limit some chance of being taken for a ride

many legit companies that are often spoofed by spam phishers (such as ebay) make a point of addressing you personally to help legitimise any genuine email correspondence

if this is about to anulled by a new evolution in spamming i would like to know so that i may inform (possibly non-computer savvy) folks when securely setting up their machines and introducing them to pitfalls and perils of the web

Edited by deviantchild
Link to comment
Share on other sites

i didn't supply a tracking url because i couldn't see how to retrieve it from the "past reports" section. i'm only used to seeing it listed immediately after each individual report is sent, and i decided to post here only after pondering upon it after i had completed a series of reports, of which it was only one

if you can inform me how i can retrieve it at this later stage i will gladly supply it...

FAQ Entry: Getting a Tracking URL from a Report ID
Link to comment
Share on other sites

thx

here is the tracking url:-

http://www.spamcop.net/sc?id=z2257795468zf...c26fa5fbcd0819z

i had tried that before but, as there were so many parts to the report, i hadn't realised that any of those that contained the message body would parse and return the same url you receive upon first reporting

still, i know now

Link to comment
Share on other sites

  • 3 weeks later...

Thanks for the tracker. It certainly looks like "targeted spam", odds are it is just that. Google the phrase (also targetted spam) to find you're not alone in wondering how and why. By its nature it's not high volume but I guess those on the "rich list" would see it more often. It is more likely to take you in if you don't see much of it - we're all familiar with the overkill of "standard" spam which is one of the factors making its (human) detection a "no brainer" (though, unfortunately, even that negligible level of discernment apparently remains in excess of the intellectual capacity and/or prudence of all too many). So, this stuff is crafted to obtain a higher hit rate than the standard variety, I would think often (but not essentially) with some sort of high(er) stakes involved in what the spammer hopes to be subsequent contacts. It's just a "return on outlay" equation to these criminals.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...