[sf-lug] spam vs. anti-spam

Rick Moen rick at linuxmafia.com
Fri May 7 17:09:49 PDT 2021

Quoting Akkana Peck (akkana at shallowsky.com):

> Oh, wow. Is that why I keep getting mail from services like paypal
> (and other real services) for someone with an obviously autogenerated
> realname, but my email address? I've never been able to figure out
> what possible good that would do spammers, since the owner of the
> email address obviously isn't going to confirm it.

Not sure.  I've also seen a lot of the other combination, UCE and other
junk that cites real-to-recipients and relevant realnames, but
associated with junk, throwaway e-mail addresses.  One thing is
apparent, though: a lot of this noise traffic relies on massive capture
of who-communicates-with-whom data (probably much of it harvested on
virus-infected MS-Windows desktop boxes) that then is fed through a
humungous Bayesian classifier program that cranks out plausible
names/addresses who might credibly be claimed to be known contacts /
correspondents for other names/addresses.  

E.g., I've seen more-modern spam and phishing e-mails that obviously
were designed to target known fellow members/posters on private mailing
lists, by forging sender IDs to simulate one member/poster and try to
fool a different one.  Under the circumstances, the most plausible way
for them (the criminals) to have gotten that data was for one or more
subscribers to have been operating on a virus-beset Windoze box.  (And,
as a reminder, these campaigns are in general 100% software-run and
generated, spun out by some big Perl script in Eastern Europe.  The
notion of victims being personally targeted by master criminals is
unrealistic.  Spammers and scammers automate to the greatest possible

> But maybe they could use it to test whether my email address is live

Certainly, there is a _lot_ of probing of e-mail targets, SMS targets,
landlines, and cellular lines just to log into a database 'this can be
used to reach a warm body on Fridays around 5pm local'.  Because those
are higher-value, higher-priority targets once validated to have a warm
body in attendance.

