Wednesday, February 8, 2017

Adventures in Spamming

Recently, I received an email supposedly from my CEO demanding that I send a wire transfer immediately. I used to work in computer forensics and understand the issue of dealing with spammers and phishing, whatever, but this was the first time I had received an email spoofing my boss. As the branding maven in my company I was horrified to see the email signature without my glorious logo and format. It certainly was not my boss. It started like this:

Now, my boss calls me Jeanne. In fact, no one ever uses my legal first name. The English is also a bit off for an American. Besides, my boss would never ask me to do a wire transfer for any amount to anyone. I just don't handle that part of the business.I looked through the metadata of the email and saw that it was actually coming from, not my boss' actual email. But I had some time on my hands that evening, so, I thought it could be a bit of fun. I replied.

The spammer responded with authentic looking wire transfer details. (I do international wire transfers every month because I'm an American expat working in India, so I know how these should look. ) He was very demanding in tone.

Again, it's all very informal, the way the capitalizing of certain words while others are not. Definitely not someone familiar with how addresses should be organized in the US. I decided to continue this ruse to see where it would take me. I responded.

And he responded right back.

Definitely poor English. Obviously not his first language. I responded.

He chafed at this demand.

I responded.

About an hour later I received a response.

Now I typically don't open attachments and consulted with a techie before opening the document. We isolated the file on a closed system and screened it for any malicious code. It was a drivers license image.

There are a couple of issues with the image. For example, there is no town called Adnock in New York. We don't use commas after the street address number. The zip code is for Norwich. The signature does not match. I googled the image for Alex Eric and I found this:

Interestingly, when I searched for the original image, it immediately changed my google to Spanish. Hmmm. So I responded to the spammer.

I don't believe I will be hearing back from this gentleman (and I use the term loosely) any time soon. Game on, spammer!

1 comment:

  1. I just got an email from "Tim Wooley" at the same email address. Thank you for posting this!!