RANDOM THOUGHTS #242

Steve Cole ponders his thoughts on internet spam:
    

1. I was told a story once, by someone who insisted it was true and was in a position to have known. Back when they invented the Internet, somebody at that table suggested charging a penny per email. It would, the story said, have been easy to implement a system from the start that did not let an email into the router loop until some account had paid the penny (or a fraction of a penny). The vast majority didn't want to bother, or thought that the internet should be free. If that system had been in place, there would be no spam. Spam only works by blasting 40 million or more emails and even at a quarter of a penny per email that would not be something spammers could afford.
    

2. Sometimes I find myself admiring the cleverness of the spammers in creating subject lines that make me open the email thinking it might be real. These started with pathetic attempts like "Here is the document" but have now graduated to claims to be court summons, invoices, or (my personal favorite) "Why did you file this lawsuit against me?"
    

3. Sometimes I find myself wanting to email the spammers corrections to their typographical errors. But I resist.
    

4. I remember my first Nigerian spam email, and thinking right away that this must be asking me to do something illegal like money laundering. Didn't take long to hear that it was that and so much more (that they would eventually want money to pay for customs fees or bribes or bank transfer fees or whatever). The one thing I did realize above all else was that to delete spam is to be one of 39.9 million people who ignored it, but to play with them is to attract attention, trouble, and even physical attacks. There are plenty of reports of people being kidnapped.
    

5. We got an alert on the game industry chat system of a scam that started in Australia. They sent out a lot of emails to any address with a shopping cart, asking if the cart will take credit cards. Once they get an answer (I just delete these) they order tons of stuff using stolen credit cards, then have it shipped to some address in their country. (The local police, one can assume, will be no help at all once the thousand dollar credit card charge is declared fraudulent and taken back out of your account.) Once they have the merchandise they just sell it on their own discount store. The original bunch in Australia had everything sent to an abandoned gas station in the countryside. Somebody who had no idea what was going on was paid to sit there and read a book all day and sign for the packages and lock them in the building. The crooks would then call from a burner phone to see what showed up and (if anything did) they would stop by to get it. You can recognize this one because it always asks if you take credit cards and asks for your catalog or website so they can order stuff, but never names a product they want to buy.
    

6. Worse than spammers are the viruses. They want you to open some document which then infects your computer. They will then harvest your mailing list for valid email addresses, then use your computer (as a zombie) to do things like probe other websites for weaknesses, bombard websites with millions of requests thereby shutting them down, make brute force attacks on log-in passwords, and other nasty things. A variation of this is the "click on this link" scam, usually part of an email with such amusing headlines as "negative item posted to your record" or "are these your naked photos?" or "why did you send me this subpoena?" or others.
    

7. I get about 2000 spams a day, but the filters stop all but about 150 per day. The reason I get so much spam is that my email address is listed on the company contact page, and spambots always scan anything on a website that says "contact" looking for working addresses.
    

8. Something spambots do is find a legitimate address and then make up a few thousand addresses combining that domain and common names or titles, e.g., sales@xyz.not, bob@xyz.not, Jones@xyz.not, and so forth. The ones that don't bounce are actual addresses.
    

9. Chinese spies are really good at tricking inattentive people. They buy a domain that is an alternate spelling of a real company (e.g., defensecompany.com instead of defensecontractor.com) and use it to spamblast the real company with emails like "I am out of town. I have a presentation tomorrow and my copy of the secret manual on the new weapon is corrupted. Can somebody email me a new copy?" It doesn't work every time, but it works often enough.
    

10. The last time I had the computer experts do their thing to my PC they found a "Bitcoin miner" program, which somehow used my computer during the night to look for Bitcoin accounts and try to drain them of money. It seems likely that I got this on a pirate download website. When downloading a stolen copy of one of our products (so I could file a DMCA), that thing came along for the ride. It's gone now, and new security software will make sure it never comes back. But the point is that some websites (the ones with pornography or with pirated stuff you can download) are swarming with virus attachments. Sometimes the file you think you want to download (usually a complete copy of a popular book) isn't that at all, but a virus. (They never had a copy of the book, but they knew it was popular. Supposedly there are sites out there offering free copies of the next book in a popular series of the next episode of a popular TV show.) Being the company president I have to go to pirate sites to find the information to instruct Simone in DMCA notices and that's why I'm vulnerable to those most evil of viruses.