Saturday, October 11, 2008

Are people really still falling for this?

My GMail account gets a LOT of spam.  I'm not sure how I ended up on so many spam lists, but I suspect GMail themselves are partly to blame.  There's also the issue that there are about four other people in the country, and one in Australia apparently, who think my e-mail address is theirs.  These people are apparently not very bright when it comes to where and when it's appropriate to give out your (or rather my) e-mail address.  They also appear to like to sign up for e-mail distribution lists on sites that apparently do not verify your e-mail address.  There's not much I can do to stop it, but I do appreciate GMail's rather thorough spam filter. 

Today I took a look at the spam folder.  I do this occasionally just to make sure there isn't something there that shouldn't be.  I generally get tired after the first two or three pages and just delete it all anyway.  Today I had 828 Spam messages.  That's something like 36 times the number of real e-mails sitting in my inbox.  In fairness, I had just deleted several real messages from real distribution lists I'm really subscribed to, just because I know I'll never get time to read them.  Sorry CodeProject.  But still, 36 spam e-mails for every 1 real e-mail I receive.  That is beyond ludicrous. 

As I'm looking through, I scroll past the messages letting me know important things like "Free pass for Enticing teens" and "Don't Delay get Money Today" and "Vaigra cailis" (whatever the hell that is), offers for free Anti-Depressents, growing my organ to a big hulk (I prefer the piano, myself), Make myself 10 years younger, Branded watches, several in Chinese I can't read due to a lack of speaking Chinese , Generic Meds, getting bang for my buck, Free Prescriptions, 90% prices, free Blackberry (that I can believe.  They would have to force one on me), larger rods (but will it fit in my car's engine?), "Zohan's secret to success", the bailout package I need, an imperative to "stop being a disappointment in bed", blah blah blah blah blah blah blah.  And that was just today's spam.

If it weren't for spam filters, I would have sworn off e-mail by now.  That is absolutely ridiculous.  And why is it so damn hard to spell ridiculous?

Then one caught my eye.  It was so obviously a phishing scam it might very well have had blinking lights and a marching band playing "All your monies are belong to us, L00zR".  I had a brief flash of those commercials where the old lady is giving a diatribe on identity theft in an inner city young boy's voice. 

This one was a warning that my Chemical Bank account information needed verification.  Out of curiosity I opened it.  GMail dutifully put this disclaimer at the top:

image I know that's hard to read.  It says (in a very danger sense arousing red color) "Warning: This message may not be from whom it claims to be.  Beware of following any links in it or of providing the sender with any personal information."  Ya think?  I don't have a Chemical Bank account.  I've never even heard of them.  I had to Google them just to find out they actually do exist.  I thought it was a made up name.  That would have to be the worst phishing scam in history.

Here's the content:


I have to admit, that's pretty good.  It looks real enough, and the styling looks just like the branding on the real bank's website, but there's just a hint of Engrish there.  Just enough to tip their hand.  No place I've ever worked for would allow that kind of grammar to go out in an official e-mail.  The link was disabled (Thanks again, GMail), but you can be sure if I had enabled it, it wouldn't go to to that URL. 

This kind of scam has been around for years.  This e-mail is completely classic.  It's better crafted than most.  For most of us, the first indicator that something isn't right is the "I don't have an account with that bank" issue.  The purpose, of course, it to hit the handful of people who actually do. 

Not long ago my wife asked me about a very similar message that managed to make it past three spam filters to her inbox.  I said simply "We don't bank there, delete it".  I then had to continue on to fully explain the scam that was occurring before she would believe me.  She finally deleted it, "If you're sure".  Yes, I am.

How is it, in this day and age, that there are still people who fall for this?  There must be, or they wouldn't still be sending this kind of crap out.  I think I can safely assume that anybody who reads this blog is smart enough to see this for what it really is, even if it hadn't landed in the spam box.  Have we, the technically elite, failed our not so technical counterparts here?  Have we somehow failed to let everybody know about the basics of e-mail security?  We must have, if there are still people out there running one of the oldest scams in the book.  They don't need to make up new scams, the old ones are still working. 

If you haven't told your wife, husband, mom, dad, sister, brother, half second cousin in law about what we consider to be common sense in handing e-mail, now would be the time.

1 comment:

  1. If only I could get the faculty where I work to actually listen when I warn them. I send out a PSA every semester.