Announcement

Collapse
No announcement yet.

Spam that masquerades as something else: what's the point?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Spam that masquerades as something else: what's the point?

    Something I've wondered about for a long time is this: what's the point of sending spam that masquerades as something else?

    In other words, say you receive spam that's titled "Missed voice mail, 2:56PM" and pretends to be from "WhatsAppNotifier." Obviously, the point is to get you to click on its link--assuming that you use WhatsApp, and you're thinking it's really from them and they're really telling you about a missed message. But once you click on the link, and get redirected to a phony-baloney 'pharmacy' selling cheap drugs, then what?

    From the spammer's point of view, they can't actually expect anyone to order from them...right?

    And from the user's point of view, as soon as they realize they've been had, they close the site and that's that.

    So what was the point? Why bother with all the deception?

    In other phishing cases, of course the idea is to get the clueless window$ user to click on a link that will do terrible things to their insecure "operating system," and I guess that makes the phisher/spammer happy. But in the type of example above, I'm really just not seeing where it's supposed to go.
    Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544


    #2
    I'm with you, I agree. But I believe the thinking among phisers is that it is a numbers game--like much of marketing. If they "contact" x potentials, and only y pop to a sale, where y<< x (like y ~ 0.1%x), then it can still pay off (in absolute $ amount). Ditto for telephone scams, especially among the elderly. If all consumers were like you and I, the scammers/pfishers wouldn't make even one red cent. But there's enough suckers to make the game worthwhile.
    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

    Comment


      #3
      Originally posted by Qqmike View Post
      I'm with you, I agree. But I believe the thinking among phisers is that it is a numbers game--like much of marketing. If they "contact" x potentials, and only y pop to a sale, where y<< x (like y ~ 0.1%x), then it can still pay off (in absolute $ amount).
      Yeah, I guess so. But--thinking solely in terms of myself--they just piss me off!! No way would I order something from someone who used deception to get me to their site.

      Ditto for telephone scams, especially among the elderly.
      Speaking of telephone scams, I've got one on my answering machine right now that I'm going to hand over to my local police department. I figure their cyber-crimes unit probably needs more work, so what the hell. It's one of those, "this is URGENT...you MUST contact us right now to avoid [some terrible fate with the Treasury Department, I think]...blah blah blah!" Um, yeah, right.
      Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544

      Comment


        #4
        It's one of those, "this is URGENT...you MUST contact us right now to avoid [some terrible fate with the Treasury Department, I think]...blah blah blah!"
        I just got one like that, too, from Ontario. I've had one of those before, maybe a year ago. Last year, I reported it to some investigative dept of the US Treasury. If you google what you got, you will probably find all sorts of reports on it.
        An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

        Comment


          #5
          Originally posted by Qqmike View Post
          I just got one like that, too, from Ontario. I've had one of those before, maybe a year ago. Last year, I reported it to some investigative dept of the US Treasury. If you google what you got, you will probably find all sorts of reports on it.
          Are you shaking with fear...like I am?!

          Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544

          Comment


            #6
            Funny, I was reading about this just yesterday.

            It could be a relected XSS attack aiming to steal a session cookie and take over your account for a web service, in which case it doesn't matter if you're on Windows or Linux...it always pays to be careful!

            https://www.owasp.org/index.php/Cros...ting_%28XSS%29

            Fascinating stuff
            samhobbs.co.uk

            Comment


              #7
              Originally posted by DoYouKubuntu View Post
              And from the user's point of view, as soon as they realize they've been had, they close the site and that's that.So what was the point? Why bother with all the deception?
              Sadly that is not the end there... that is just the opening of the door in many cases anymore.
              Kubuntu 18.04 on AMD

              Comment


                #8
                Originally posted by otisklt View Post
                Sadly that is not the end there... that is just the opening of the door in many cases anymore.
                No, not in the scenario I'm referring to. Yes, it's definitely just the beginning when you're talking about phishing that's done to wreak havoc on the user's computer, but not in the scenario I described. In that scenario, the user innocently follows a link disguised as something they may actually have, such as a Facebook or WhatsApp account, then ends up at some 'discount pharmacy' site. The objective is [apparently] to get the user to buy something at that site--but that's my whole point, i.e., WHO would want to do business with some scammer who deceived them in the first place?
                Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544

                Comment


                  #9
                  The definition of phishing as per Wikipedia
                  Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2] The word is a neologism created as a homophone of fishing due to the similarity of using fake bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,[6] and exploits the poor usability of current web security technologies.[7] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Many websites have now created secondary tools for applications, like maps for games, but they should be clearly marked as to who wrote them, and users should not use the same passwords anywhere on the internet.

                  Phishing is a continual threat that keeps growing to this day. The risk grows even larger in social media such as Facebook, Twitter, and Google+. Hackers commonly take advantage these sites to attack people using them at their workplace, homes, or in public in order to take personal and security information that can affect the user or company (if in a workplace environment). Phishing takes advantage of the trust that the user may have since the user may not be able to tell that the site being visited, or program being used, is not real; therefore, when this occurs, the hacker has the chance to gain the personal information of the targeted user, such as passwords, usernames, security codes, and credit card numbers, among other things.
                  What your describing DoYouKubuntu is not phishing, but simply spam.

                  Comment


                    #10
                    Originally posted by NickStone View Post
                    What your describing DoYouKubuntu is not phishing, but simply spam.
                    I respectfully disagree. The e-mails I'm talking about PRETEND to be from Facebook, WhatsApp, or other known entities. Their links PRETEND to lead to Facebook, WhatsApp, etc., in other words the link looks like it's going to a Facebook, WhatsApp, etc., address, but actually it leads to a fake web site. So, yes, at that point the phishing part ends and it turns into spam, but it started out as phishing. (And if the clueless user actually decides to buy something at the fake pharmacy site, their credit card info will quickly be used with bad consequences, I'm sure!)
                    Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544

                    Comment


                      #11
                      Mixed content is one method to get past some spam filters
                      Kubuntu 18.04 on AMD

                      Comment


                        #12
                        I can't imagine why this sort of thing isn't illegal. Oh wait, I remember - Congress!

                        Please Read Me

                        Comment


                          #13
                          If you click a link in a spam email, you confirm that it is a genuine address among the many thousands randomly generated. Genuine addresses get added to a very valuable list which can be sold for quite a lot of money. They are a bit less valuable these days as computers can generate random addresses very quickly. A list of confirmed addresses still allows a higher hit rate.
                          If you're sitting wondering,
                          Which Batman is the best,
                          There's only one true answer my friend,
                          It's Adam Bloody West!

                          Comment

                          Working...
                          X