Tag Archives: Blacklist

On the trail of spammers


[17 Feb edit: updated the information and added in the link to the spreadsheet]

One of my weird(er) interests is collecting spam samples; not all spam though, just the specific ones that were sent from friends’ email accounts. I even asked people to send me samples of such spam back in 2011 (the call for samples still stands though. More spam! More spam!).

What these spammers do with compromised email accounts is send out spam using those accounts’ email identities, in the hope that someone will click through, and you know the rest. What’s not very effective about such spam campaigns, though, is that the messages contain only a single URL in the body, with no subject line at all. Good for circumventing spam filters, not so good for getting even the careless to click through. Lucky for us.
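An added example (not part of the original post) of how a mail filter could flag the pattern described above: no subject line and a body that is nothing but one URL. The function names and sample messages are constructed for illustration, and the `.example` addresses are placeholders.

```python
import re
from email import message_from_string
from email.message import Message

# Body must be exactly one http(s) URL, optionally wrapped in <> and whitespace.
URL_ONLY = re.compile(r"^\s*<?(https?://[^\s<>]+)>?\s*$", re.IGNORECASE)


def body_text(msg: Message) -> str:
    """Return the first text/plain part decoded to str (empty if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def single_url_no_subject(raw: str):
    """Return the URL if the mail has no subject and a URL-only body, else None."""
    msg = message_from_string(raw)
    # A missing Subject header and an empty one are treated the same way.
    if (msg.get("Subject") or "").strip():
        return None
    match = URL_ONLY.match(body_text(msg))
    return match.group(1) if match else None


# Constructed sample messages (not real spam samples).
SAMPLES = {
    "no_subject_header": "From: friend@mail.example\nTo: me@mail.example\n\n"
                         "http://site.example/a.php?x=1\n",
    "empty_subject": "From: friend@mail.example\nSubject: \n\n"
                     "  http://site.example/b\n\n",
    "normal_mail": "From: friend@mail.example\nSubject: lunch?\n\n"
                   "See http://site.example/menu for the menu.\n",
    "subject_plus_url": "From: friend@mail.example\nSubject: hi\n\n"
                        "http://site.example/c\n",
    "two_urls": "From: friend@mail.example\n\n"
                "http://site.example/d\nhttp://site.example/e\n",
}


def flag_samples() -> dict:
    """Map each sample name to the flagged URL, or None if it does not match."""
    return {name: single_url_no_subject(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, url in flag_samples().items():
        print(f"{name:18} -> {url or 'not flagged'}")
```

A match is only a signal worth scoring alongside the sender being a known contact; on its own it will also catch a friend who genuinely mails a bare link.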

This type of spam has been sent since pre-2011 days

While such spam mails have only been coming in at a trickle, they have kept coming in all these years. The situation changed all of a sudden yesterday:

influx of spam 14 feb 2013
Open the (spam) floodgates!

While there have been Yahoo! Webmail XSS vulnerabilities publicly known, and even sold in underground markets granting illegal access to Yahoo! Webmail accounts, this is still weird: Why would these accounts be used to send so much spam all of a sudden?  Did somebody accidentally dispatch a massive spam job through all the Yahoo accounts they had control over?

(If you have a Yahoo! Webmail account, it is highly recommended that you change your password (to a good one), and make sure that no one else has any way of regaining access to your webmail identity.)

After some digging around, the trail (all the redirected requests triggered AV alerts) becomes pretty obvious.  Looks like someone got greedy (or careless) here, because all the trails end at the same point…

Here’re some of the findings in spreadsheet form (last update 17 Feb 2013).  The links sent in the spam emails are all for .de (German) websites, which in turn redirect to what appears to be a site for work-from-home schemes.


Telemarketer Blacklist

No telemarketing calls please

(Last updated 13 Nov 2013)

Here’s a list of blacklisted (mostly Singapore) telephone numbers for telemarketer related unsolicited calls/messages (both the upfront and the shady social-engineering types), and illegal moneylending types (these seem to be getting more and more brazen in their advertising of late).

[edit] It seems that our contact numbers are also subject to wanton misuse by companies that would send SMS spam en masse on behalf of all (usually real estate agents boasting of their high earnings haha) who would subscribe to their services. Although such SMS spam usually would include an unsubscribe option, sadly these never work, from my limited experience when I stupidly tried multiple times to unsubscribe. Why should they remove you anyway? It’s not illegal (yet) to spam you like this. And like spam emails, replying to them probably would only serve to confirm that there is an idiot actually reading through their spam. Until the necessary legal framework is in place for us to opt out once and for all, I’m adding these numbers (spam senders and all associated advertisers) into this blacklist too. This is to remove any likelihood of answering cold-calls from such numbers anyway.

Feel free to use this list in any way you wish, though I generally ignore messages and calls from these numbers. 😉 You can also download the vCard file to import these numbers into your phone.

[edit] There is now a Do Not Call Registry under the Personal Data Protection Commission. Hopefully this post/method gets obsoleted when the DNC comes into effect. Consumers can register their numbers into the DNC online, or via SMS or phone.


Those Darned Telemarketers

Beware of the Wily Old Fox

Social engineering, … is understood to mean the art of manipulating people into performing actions…

Yet another example today of a stupidly simple, yet effective and easy to pull off trick that telemarketers use: pretending that you have “won” or are entitled to Something Good (which probably isn’t). Not as if someone else has not tried this before.

Got a call from 65345723, masquerading as someone from UOB this time.

Miss T: Hello, I’m calling from UOB. Would like to ask you if you’ve done your holiday resort redemption yet?
Me: Huh? What’s that about?
Miss T: Oh, I guess you have not done it yet. You see, we have this redemption thing for UOB members, you just need to come over to UOB tower…
Me: (smiling at this point) Oh…but I don’t have an UOB account, heh.
Miss T: Oh…ok then. *hangs up*

In this case, the tactic being used is called “pretexting”. Plenty of (email) spammers use this trick too, usually trying their luck at impersonating emails from a range of popular social networks and banking services in the hope of getting you to click on a bad link.

This number 65345723 has been flagged by others for calling on behalf of (or pretending to be, I don’t know which it is) other parties like a travel agency (hmmm, “holiday resort redemption”?) and another bank (OCBC) claiming a win of a tablet PC. These folks are really unscrupulous…

Oh well, yet another number to add to my Do Not Answer list.