Skip to content

Spam, Spam, Spam, Spam…

January 15, 2010

Spam emails; we all get them (unless you have managed to avoid either using email or giving the address to absolutely anyone), and they are really stupid and annoying. But I always open them up and have a look (Gmail blocks all pictures, links and attachments so there’s no risk), because sometimes they can be so awful they’re hilarious. Only a few weeks ago I got a pleading email from someone claiming they were trapped abroad and needed help from someone ‘back home’ to transfer money back to their country. This mysterious foreign country they were trapped in? England…

This is one of the many cases I have seen for the misguided belief that Everyone On The Internet Is American, despite this being far from the truth. Most emails I get are a little more realistic, and while some assume I am French, Spanish, or even in one case Russian, most seem to have tagged my email addresses as British, somehow.

Below is an example of an email I received today, word for word. It knows/assumes I am British, but still manages to fail spectacularly in its lack of research:

HSBC Bank UK
to me
subject Welcome To The 2010 Banking Season

Logo Dear Valued Customer,

HSBC Bank wishes all there customer a happy new year and welcomes you to another new banking season

please be informed that we are updating to a new EL SSL server due to the new banking year and this requires

all our customers to update there account profile to 2010 banking profile .

Log on to update your account profile

Sincerely,
HSBC Bank UK

Now, the most obvious thing about that is that the author either has no grasp of or no care about the correct use of English, which is a bad start already if you want to scam English people. They also do not understand the financial year, which does not start in January in many countries around the world (Wikipedia tells me only China use the calendar year as the financial year, though there may be less well-known others).

It’s my knowledge of computers which really makes the lack of research clear to me, though. For a start, the email appears to come from HSBC’s domain, which seems convincing until you look up how easy it is to spoof an email address if you know how email protocols work. After that, I start despairing at how much someone can get wrong if they already know about email systems.

The phrase ‘updating to a new EL SSL server’ is mostly garbage – you don’t have ‘SSL servers’, and updating SSL on your systems is something that happens fairly frequently and without any need to contact customers. It’s like your bank sending you a letter saying ‘You’ll need to visit the bank tomorrow, because we just changed our locks…’ The customer doesn’t need to know, and probably won’t notice even if you told them. Also, I would hope that most banks would be using TSL, which started replacing SSL nearly a decade ago for high-security systems, although SSL is still common enough that I suppose a particularly lax bank might still be using it.

So yes, spam and phishing emails can be hilarious on occasion. The biggest flaw in the whole scam is that they have to guess which bank you are with – I’ve received hundreds of phishing emails and only one claiming to be my actual bank. The best one, however, was when I checked my old email address that I set up as a teenager – you know the kind; ridiculous, slightly embarrassing and usually obscene or disturbing in some way that was very amusing ten years ago. There I found an email claiming to be from a Christian woman with less than a year to live (!) who had a lot of money and no heir, who was sick of seeing society becoming depraved and sinful, and wanted her money to go to someone who could use it to try and make the world a more spiritual place. Apparently, this meant me.

Advertisements
3 Comments leave one →
  1. wickedday permalink
    January 15, 2010 3:43 pm

    … lovely spam! Wonderful spam! Ahem.

    I love the uni spam filter, it catches pretty much everything. I also strenuously avoid giving out my email address to anyone if I can help it, which also helps keep it down.

    You didn’t tell me about that last one. That’s . . . amazing. Hate to think what counts as ‘depraved and sinful’ if you’re the last great hope for Christianity :p

  2. Paul Skinner permalink
    January 17, 2010 12:29 am

    I think you mean TLS 🙂

    The email system is so fundamentally flawed that I’m amazed nothing has been done about it.

  3. knightofthedropdowntable permalink*
    January 25, 2010 10:52 am

    I think I have just received the most elaborate and ridiculous spam email ever created… I have an email apparently from the FBI Fraud Division, about a joint operation with Interpol and the United Nations (!), claiming to have found $9.8 million that should have been sent to me (it gives several possible reasons I might be entitled to this, but nothing specific to me), but that was instead hoarded by the current Nigerian President. To receive this money, they will deliver a cheque with UPS, as long as I pay the delivery cost, but thanks to their influence I “will only need to pay $220 instead of $520 saving [me] $300.”

    The next paragraph repeatedly tells me that I only need to pay $220 and it’s such a bargain, it sounds like some kind of QVC advert, not a serious email (apparently) from the most influential police force in the world. It then lists names and UPS tracking numbers, so I can see for myself that this is genuine, although if you actually CHECK the tracking numbers you see the names listed on the email are not the names of the UPS parcel recipients… Elaborate, but not very smart, they could have taken the names off the UPS website and used them in the email.

    Finally, because this is from the FBI, there are several warnings about receiving exactly this kind of email, including this cherry on the cake: “Take note that anyone asking you for some kind of money above the usual fee is definitely a fraudsters and you will have to stop communication with every other person if you have been in contact with any.”
    So, wait, they’ve literally just told me that their email is a scam? After all this effort? (About 1000+ words, it’s a long email!)

    Mentioning that the FBI only deal with US domestic crimes and not anything to do with Nigeria seems a bit pointless, after all this, and especially when you check the email address it came from – I don’t think the FBI use @msn.com email addresses… *shakes head*

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s