Today my wife received a spam. A real spam. Written on paper, in an envelope, picked up from our physical mailbox outside our house. Now, how cool is that!? The spammer had no idea that the receiver is married to an IT security specialist. On the other hand, I don't have any spam filters on our physical mailbox. Who's got who?
A lot of spam is based on a current topic, to make sure that the receiver can relate to the content and hopefully make a hasty decision. The "quick and dangerous" spam is the one with a link (not in this case) leading to some photo or movie, which later results in downloading a viral codec file or something similar. This particular spam is related to the tsunami in 2004.
In this case, it's a little more sophisticated. Either one of these could be true for this spam:
- Correspondence continues to build trust. At some point the transfer of the considerably high amount of money ($5.500.000) requires a deposit from the receiver of the spam. This could be motivated by enabling a bank account, covering a transfer fee, or doing the classic turnaround: the spammer needs to know that you can be trusted! A small deposit/fee of, say, $25.000 is realistic and an acceptable risk for anyone who, at this stage, believes that the $5.5 million is now just a few phone calls away.
- Money laundering. Move some money just to make it clean. Money collected from other scams, rogue antivirus campaigns, extortion, or whatever. They give you the entire amount, with the instruction to keep 50% and move the other half to another bank account. Money is moved, safely, and the trace ends at the "goal keeper".
Here's the actual spam letter. It looks pretty realistic, except for some of the wording and the spelling mistakes. I bet the author has seen a fair share of attorney's letters, but in a completely different context.
In the letter we find the email address *@writeme.com. Could be for real, as the WHOIS information shows a company that I have seen in other spam stories. The domain of course leads to a regular spam link portal.
World Media Group, LLC
ATTN Domain Inquiries
90 Washington Valley Rd., #1128
Bedminster, NJ 07921
So what do you think? Impressed? If you have seen anything similar, got evidence of an ongoing campaign, or have any other conclusion, please post a comment.