If the powers that be don't want this to happen, they can lock or
delete this thread. If you don't want to be involved in this subject,
like if you believe it to be a total waste of time, I suggest you not
read this thread - problem solved. Sorry to sound defensive here, but
this defensive feeling comes solely from my prior interactions on this
forum...
OK, I'll kick this off with what I think was a very cleverly written
spam. My bet is that many newbies that don't have Norton installed (my
Norton did autodelete the attachment they refer to below) will click on
the attachment link - some out of fear, and some out of curiousity.
Here it is:
---
From: <Po...@cia.gov>
To: <horatio AT earthling.net>
Subject: You visit illegal websites
Date: Tuesday, June 13, 2006 11:00 AM
Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time
I'm not sure how you know it is phishing; I myself was suspecting that
the attachment would install malware on the unsuspecting clicker's
computer. I guess this because my Norton autodeleted the attachment.
But this is not the point anyway - sorry to digress.
But that aside, you missed my point. Don, I do understand that an
Internet user as experienced as yourself would not click on the
attachment and you find that spam to be boring - but that is not the
point. In fact, if all internet users were as experienced as you,
spamming might die a painful and uneconomic death without the frog's
help.
The mark of a successful spam is to accomplish getting people to click
- either on an attachment or on a URL. In either case, the spammer
tries to appeal to average users and/or newbies. Today's internet
continues to be filled with non-knowledgeable newbies, which is one of
the reasons that spamming continues to be an effective means to the
spammer's ends.
So, the real question here when identifying a particularly clever spam,
is whether or not a spam would cause many /newbies/ to click - or not.
Horatio
Easy to see now why I posted the defensive comments in the intial post
- but I had at that time a hope that some of this group would be
interested in discussing and disecting the textual content of spams -
my mistake.
- horatio
I believe you neglectfully forgot to sign your post "Hurrumph!", lol.
And 'furthermore', as you read in these forums, more anti-spammers
*have* read more spams lately; doubly furthermore, if you're going to
make an allegation like that, it would be most polite to provide a
clickable link to the thread of discussion where that happened. Sorry
to be critical, but that is my opinion.
<flame-bait-do-not-respond>
Could it be that okopipi is causing an *increase* in spams being read
by humans?
</flame-bait-do-not-respond>
Sorry, the main purpose of this post was to actually use the phrase
"And, furthermore".... it sounds way cool... (just kidding.... keep
smilin')
-horatio
There is no need to measure the effectiveness of these E-mails as that
is not why we want them stopped, those reasons are better measured by
the amount of bandwidth wasted by pushing these messages around and the
static-to-noise ratio of your standard inbox. And these measures have
been well established.
Although I'm sure that this next thing has been posted elsewhere
(everything else has, I've read...), I'm beginning to wonder why the
organization of this project is purportedly open, vs. building it
behind closed doors with no communication from/to the public? Hmmm, I
sure wish I were smarter...
Thanks again for straightening me out,
horatio
Maybe I'm showing my lack of knowledge here too, but how is it known
that this is phishing?
And how is it 'not spam'?
The difference is that in the quoted email, there was no attempt to
sell anything; rather to get horation to call or email for "support."
That way they could ask for a lot of information to confirm that he
does in fact control the addresses in question. From that point on they
would use the information for identity theft.
Spam is unsollicited commercial emails. In this case the email, while
unsollicited, was aimed at getting information to commit identity
theft. I personally, don't bother to differentiate in most discussions.
>From a project standpoint, the handling of phish mail would have to be
directed at the bank or other organization that would be expected to
head off the fraud.
Don't worry about knowing this, well unless you clicky clicky on a lot
of links ;) , asking easily understood questions is not a problem.
> Spam is unsollicited commercial emails.
Many people strongly disagree with this definition of spam. It is
very common to define spam as Unsolicited *Bulk* Email (UBE). Many of
the earliest uses of the term "spam" were in reference to things that
were not commercial at all, such as mass religious rants, or later on,
mass political rants.
Most ISPs have Terms Of Service (ToS) or Acceptable Use Policies (AUP)
that prohibit UBE, making no distinction between the different types
of bulk email. Many laws, however, restrict only Unsolicited
Commercial Email (UCE) because there are fewer constitutional
protections from *governments* restricting commercial speech than on
religious or political speech.
>>From a project standpoint, the handling of phish mail would have to be
> directed at the bank or other organization that would be expected to
> head off the fraud.
From the project's standpoint, I think that phishing is just as much
of a problem as UCE. Getting phishers to stop sending you email is
just as useful as getting UCE stopped.
-wayne
is there a way to be in contact with the stock exchange, and somehow
hurt the the pump&dump spam... letting the spammer understand he got
nailed by Okopipi?
Liberty
I suggest you read this:-
http://makeashorterlink.com/?A1A724A4D
Whilst not directly applicable those of you in the Former New World
Colonies it may give you half a clue about how to respond to various
types of spam in general and then you can do it through your local law
enforcement agencies.
No mention of Okopipi yet though.