deviantchild Posted September 18, 2008 Posted September 18, 2008 recently i've had two mails that i've reported through spamcop that look semi legit each has had the subject "Your Recent Stay at The Gateway Hotel Fatehabad Road Agra" and each has addressed me by my surname, prefixed with "Mr." in the message body there appears to be no obfuscation, and all reports ( for the most recent of the two) went to abuseATnetmagicsolutionsDOTcom and abuseATnetmagiciansDOTcom a quick google for "net magic solutions" returns results for an indian company - something to do with mail security solutions, so they say although the hotmail address that these emails were sent to is comprised of my forename and surname joined (butted up against each other), my account settings do not state my gender or the two names individually, simply initials sure, a human could discern the two names and create the division in order to address me by my surname, but does this now mean there are more advanced methods of creating spam now? or does this mean that somebody with my address had their system compromised? or hotmail itself got hacked? - although that still doesn't explain how the mail was created from my ambiguous account details i reported both anyway, since i haven't subscribed to anything, given out my details or stayed in said hotel - although i have been to agra a long time ago when i was travelling, but that was a couple of years before i was even on the web
Wazoo Posted September 18, 2008 Posted September 18, 2008 recently i've had two mails that i've reported through spamcop that look semi legit An awful lot of words used to describe something that a Tracking URL would display fully/ although the hotmail address that these emails were sent to is comprised of my forename and surname joined (butted up against each other), my account settings do not state my gender or the two names individually, simply initials A bit confusing .. you start with 'full name' but then change it to 'initials' .... ????? Gender selection .... ignoring the above comment, the spammer had a 50 - 50 chance of being correct. sure, a human could discern the two names and create the division in order to address me by my surname, but does this now mean there are more advanced methods of creating spam now? or does this mean that somebody with my address had their system compromised? or hotmail itself got hacked? - although that still doesn't explain how the mail was created from my ambiguous account details Know not why folks keep wanting someone here to explain the lunacy involved in the spamming arts.
rconner Posted September 18, 2008 Posted September 18, 2008 recently i've had two mails that i've reported through spamcop that look semi legit each has had the subject "Your Recent Stay at The Gateway Hotel Fatehabad Road Agra" and each has addressed me by my surname, prefixed with "Mr." in the message body Sometimes people might get your name out of the "nickname" field that often appears next to the e-mail address (e.g., "John Q. Smith" <jsmith[at]something.foo>). Do your messages show such a nickname when people receive them? -- rick
deviantchild Posted September 18, 2008 Author Posted September 18, 2008 An awful lot of words used to describe something that a Tracking URL would display fully/ i didn't supply a tracking url because i couldn't see how to retrieve it from the "past reports" section. i'm only used to seeing it listed immediately after each individual report is sent, and i decided to post here only after pondering upon it after i had completed a series of reports, of which it was only one if you can inform me how i can retrieve it at this later stage i will gladly supply it A bit confusing .. you start with 'full name' but then change it to 'initials' .... ????? not really. if you read carefully you will see that at first i refer to the "address" being comprised of two full names then later refer to the "account settings" [within hotmail itself - in the control panel, as you would have here] as only referring to me by initial this should also answer rconner's query: i have no nick, just the same two initials Gender selection .... ignoring the above comment, the spammer had a 50 - 50 chance of being correct. agreed, but i was mentioning it more in the context of how genuine the mails had seemed and how it seemed add a touch more weight to the possibility that somebody's system had been compromised, where they had filled their address book with my missing details not particularly important and i'd rather steer focus away from this scenario Know not why folks keep wanting someone here to explain the lunacy involved in the spamming arts. of course i'm not after spam motivation analysis - i'm far too web-versed and scum weary for that many joe-folks are told, as a pre-emptive precaution, to look for things such as making sure you are being addressed by name in a mail to at least limit some chance of being taken for a ride many legit companies that are often spoofed by spam phishers (such as ebay) make a point of addressing you personally to help legitimise any genuine email correspondence if this is about to anulled by a new evolution in spamming i would like to know so that i may inform (possibly non-computer savvy) folks when securely setting up their machines and introducing them to pitfalls and perils of the web
Farelf Posted September 19, 2008 Posted September 19, 2008 i didn't supply a tracking url because i couldn't see how to retrieve it from the "past reports" section. i'm only used to seeing it listed immediately after each individual report is sent, and i decided to post here only after pondering upon it after i had completed a series of reports, of which it was only one if you can inform me how i can retrieve it at this later stage i will gladly supply it... FAQ Entry: Getting a Tracking URL from a Report ID
deviantchild Posted September 19, 2008 Author Posted September 19, 2008 FAQ Entry: Getting a Tracking URL from a Report ID thx here is the tracking url:- http://www.spamcop.net/sc?id=z2257795468zf...c26fa5fbcd0819z i had tried that before but, as there were so many parts to the report, i hadn't realised that any of those that contained the message body would parse and return the same url you receive upon first reporting still, i know now
Farelf Posted October 7, 2008 Posted October 7, 2008 Thanks for the tracker. It certainly looks like "targeted spam", odds are it is just that. Google the phrase (also targetted spam) to find you're not alone in wondering how and why. By its nature it's not high volume but I guess those on the "rich list" would see it more often. It is more likely to take you in if you don't see much of it - we're all familiar with the overkill of "standard" spam which is one of the factors making its (human) detection a "no brainer" (though, unfortunately, even that negligible level of discernment apparently remains in excess of the intellectual capacity and/or prudence of all too many). So, this stuff is crafted to obtain a higher hit rate than the standard variety, I would think often (but not essentially) with some sort of high(er) stakes involved in what the spammer hopes to be subsequent contacts. It's just a "return on outlay" equation to these criminals.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.