MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Wednesday, 5 March 2008

Stealthed Spam, Redux II!

The spammers are upping the stakes in the stealthed spam arena again. This entry will cover a stealthed spam I received this morning, but before that let me suggest that if you don't know what I am talking about, then you should take a look at my previous blog entries covering this area. These are [30th January 2008] and [17th October 2007]. This will also allow you to follow the development of this as a spamming technique.

So, now if you know what I mean by stealth and stealth spam, let me show you the latest example I have seen, just today, in fact:

The body of the e-mail would have you believe that it is from 'Irwin Bank and Trust':



With the above example, all the URLs [web-links] used in the e-mail except one point to the real bank's site! All the text is probably taken from the real bank's website. This e-mail passes the tests that most of us use to decide if something is spam or not; in other words, it passes the 'Eyeball' test fairly easily, as it looks pretty genuine. The only missing pieces are the remote graphics, which most e-mail programs will not show, at least not by default.

So, what does it look like when I enable 'allow remote images' in the e-mail program?

It looks like this [yes, it is the same e-mail]:



Now it fails the 'Eyeball' test with ease.

Although the stealthed e-mail shown above is pretty convincing, it isn't perfect, as the from address it shows [admin@viagra.com] and the subject used [RE:February 83% OFF] are not consistent with the rest of the e-mail and are obviously spammy. So, the spammers need to sort these problems out to create the perfect stealthed spam.

Why do I call this 'Stealthed Spam'? Well, simply because the spam component is hidden and not in plain view, at first.
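The tell-tale pattern above (visible links anchored to one organisation, the spam content arriving only as remote images hosted somewhere else, plus a From address and subject that do not match the body) can be checked mechanically. The script below is an added example written for this post, not the author's own tool or any product; it parses an HTML e-mail, collects link and remote-image hosts, takes the domain most links point to as the message's "claimed" identity, and reports anything that disagrees with it. The two sample messages are constructed, using reserved placeholder domains (`bank.example`, `pillsdeal.example`, `spam.example`) rather than any real bank or spammer.

```python
import email
from collections import Counter
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the stealthed spam described in the post:
# text and almost every link point at the "bank", the only remote image
# (where the real spam content would live) and the From address do not.
STEALTHED_EML = b"""\
From: "Customer Care" <admin@spam.example>
To: victim@example.net
Subject: RE: February 83% OFF
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Welcome to <a href="https://www.bank.example/">Bank Example</a>.</p>
<p>See our <a href="https://www.bank.example/rates">current rates</a> or
<a href="https://www.bank.example/contact">contact us</a>.</p>
<img src="https://img.pillsdeal.example/promo.gif" width="500" height="300">
<p><a href="http://pillsdeal.example/order">Unsubscribe</a></p>
</body></html>
"""

# Constructed control: everything, including the image, stays on one domain.
CLEAN_EML = b"""\
From: "Statements" <statements@bank.example>
To: customer@example.net
Subject: Your February statement is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://www.bank.example/logo.png">
<p>Your statement is available at
<a href="https://www.bank.example/statements">Online Banking</a>.</p>
</body></html>
"""


class _RefCollector(HTMLParser):
    """Collects <a href> targets and <img src> sources from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])


def _is_remote(url):
    # cid: and data: images are embedded, not fetched; only http(s) counts.
    return urlparse(url).scheme.lower() in ("http", "https")


def registrable_domain(url):
    """Last two host labels; a crude stand-in for a public-suffix lookup."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def analyse(raw):
    """Return the claimed domain and a list of (finding, [domains]) tuples."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    refs = _RefCollector()
    refs.feed(html)

    link_domains = [registrable_domain(u) for u in refs.links if _is_remote(u)]
    image_domains = [registrable_domain(u) for u in refs.images if _is_remote(u)]
    from_hdr = msg["From"]
    from_domain = from_hdr.addresses[0].domain.lower() if from_hdr and from_hdr.addresses else ""

    # The domain most visible links resolve to is what the message "claims" to be.
    claimed = Counter(link_domains).most_common(1)[0][0] if link_domains else ""

    findings = []
    offsite_images = sorted({d for d in image_domains if d != claimed})
    if offsite_images:
        findings.append(("remote_images_offsite", offsite_images))
    stray_links = sorted({d for d in link_domains if d != claimed})
    if stray_links:
        findings.append(("links_offsite", stray_links))
    if from_domain and from_domain != claimed:
        findings.append(("from_domain_mismatch", [from_domain]))
    return {"claimed_domain": claimed, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("stealthed", STEALTHED_EML), ("clean", CLEAN_EML)):
        print(name, analyse(raw))
```

The clean control produces no findings, while the stealthed sample is flagged on all three counts: the only remote image is served from a domain unrelated to the one the links vouch for, one link strays off-site, and the From domain matches neither. None of this requires fetching the images, which is the point: the e-mail client's default of not loading remote graphics is what keeps the spam hidden, and a filter can reason about where those graphics would come from without ever requesting them.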

As they say, "Keep 'em peeled!", which means keep your eyes open and stay alert. Or, as others might say, "don't believe everything you see or read"; it may be a clever fake.

If you see any other interesting new tricks/techniques or file formats being used by spammers then please feel free to send me the details or post the information as a comment. Thanks!
