High Quality Spam

This morning I got a notice from Chase Bank that my account had been accessed from a different location. Could I please go to their website and verify my identity? Considering that I haven’t banked at Chase in at least 5 years it seemed a wee bit suspicious. My gut told me it was spam, but what did the message itself tell me?
The source code concealed as much as it revealed, but my inquiry showed me how these newfangled criminals cover their tracks.

I told my trusty "Mail" program to reveal the original source of the
message so I could see where it actually came from.  It certainly
wasn’t from Chase.  Examining the source told me a few things:

* Columbia University rates incoming messages with a spam score–not
sure how Apple Mail uses it, but this got a spam score of 7.4/10 and
was tagged "CU_PHISHY"

* To make the mail look authentic they rely upon images from the Chase website itself. 

* The site they want you to click on resides in China–
http://www.langoit.com.cn  The attached image of the site provides a
serious hint that they’re phishing–it doesn’t use the actual Chase
URL, rather a number.

* I tried to find out who owned those domain names by doing a simple
"Whois" search –both the mailer and the site in China–I wasn’t able
to learn anything other than that these folks own a bunch of domains.
No physical addresses there.
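The checks in the list above can be run mechanically over a raw message source. The following is an added example, not code from the original post: the sample message, the `bank.example` and `mailer.example` names, the 192.0.2.10 address and the layout of the `X-Spam-Score` header (one asterisk per point) are all constructed assumptions.

```python
import email
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not the message from the post; header layout is assumed.
RAW = """\
From: "Bank Alerts" <alerts@mailer.example>
Subject: Please verify your identity
X-Spam-Score: ******* (7.4)
Content-Type: text/html; charset="us-ascii"

<img src="https://www.bank.example/logo.gif">
<a href="http://192.0.2.10/bank/verify">Verify your identity</a>
"""

class Collector(HTMLParser):
    """Record the host of every image and every link in the HTML body."""
    def __init__(self):
        super().__init__()
        self.images, self.links = set(), []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.add(urlparse(a["src"]).hostname)
        elif tag == "a" and a.get("href"):
            self.links.append(urlparse(a["href"]).hostname or "")

def is_ip(host):
    """True when the link host is a bare IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def analyze(raw):
    """Return (spam-score stars, findings) for one raw message source."""
    msg = email.message_from_string(raw)
    stars = msg.get("X-Spam-Score", "").count("*")
    page = Collector()
    page.feed(msg.get_payload())
    findings = []
    for host in page.links:
        if is_ip(host):
            findings.append(("numeric-host", host))
        borrowed = sorted(i for i in page.images if i and i != host)
        if borrowed:
            findings.append(("images-from-other-site", host, borrowed))
    return stars, findings
```

Calling `analyze(RAW)` returns the star count from the header plus one finding for the numeric link host and one for images served from a different site than the link target.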

I reported the Spam to Chase but how do you fight this new form of
crime?  It must require strong coordination of different law
enforcement agencies in different countries and cost a good deal of
money.  It preys on the ignorance of users and their trust–and makes
us all worse off.  The Internet–so many new possibilities, so many yet
to be imagined–some wonderful, some not so good.  As my soon to be 95
year old grandmother often counsels, "be good, and if you can’t be
good, be careful."  Good advice, regardless of context.

2 thoughts on “High Quality Spam”

  1. anders

    if you put this:
    * ^X-Spam-Score:.*\*\*\*\*\*
    into your .procmailrc on cunix, it will automatically move any incoming messages with a spam score of 6 or higher (that’s about the best cutoff i’ve found. higher and too much spam comes through, lower and there are too many false positives) to a spam folder.

