Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":512,"date":"2018-01-28T15:54:18","date_gmt":"2018-01-28T15:54:18","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=512"},"modified":"2019-04-17T11:37:36","modified_gmt":"2019-04-17T11:37:36","slug":"nonsense-spam-is-more-dangerous-than-you-think","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2018\/01\/28\/nonsense-spam-is-more-dangerous-than-you-think\/","title":{"rendered":"Nonsense Spam is More Dangerous than You Think"},"content":{"rendered":"

$\"cancelled-pillow-case\"$ Suppose you meet an alien from a far distant galaxy, and she asks you to explain the identifying features of email spam. At face value, it sounds like a simple proposition, but if you think about it, the answer might be more difficult than you realize. Spam comes in so many forms and flavors that it\u2019s hard to nail down a definitive set of characteristics. When you toss marketing and retail spam<\/a> into the mix, the definition for spam morphs from a laundry list of all that\u2019s despicable about human nature into a veritable cornucopia of moronic nonsense. Nonsense, however, can be as dangerous as ignorance, and if you\u2019ve ever wondered \u201cwhat\u2019s the point?\u201d of those nonsensical emails that occasionally invade your inbox, you may want to pay attention.<\/p>\n

You know the email messages. Like so many spam messages, they have a meaningless subject line; but the content seems more pointless than usual. It\u2019s jabberwocky: meaningless mishmashes of words, even partial passages from books. In the space of a day, you may receive a string of these messages, each one different in its subject line and contents. The passages in the body of each email seems random, and if you took the time to examine them in their entirety, you\u2019d be hard-pressed to find two exactly the same. One long stream of uselessness with no apparent purpose, unless maybe to annoy. So you ignore them and move on, shaking your head and wondering why somebody bothered.<\/p>\n

As it turns out, there\u2019s more to these messages than you might think. A nefarious purpose, in fact, and receiving a stream of these messages may be a warning signal for you to check your bank accounts right away.<\/p>\n

In an interesting article at NetworkWorld<\/a>, a blog post by security analyst Fred Touchette discusses the phenomenon of these nonsense messages, and it turns out they may have a very deliberate and despicable purpose. The messages are seemingly random, although they\u2019re anything but. In fact, the article reports, the targets \u201care individuals, whose identity and personal information the thieves already have. The victims’ email inboxes suddenly get flooded with thousands upon thousands of emails \u2013 as many as 60,000 during a 12- to 24-hour period \u2013 that contain no links, no graphics, and no advertisements.\u201d The contents are, according to Touchette, \u201cnothing but mash-ups of words and phrases from literature.\u201d He points out that every email is different, seemingly perfectly randomized, although searching through the messages can reveal repeated content. Obviously, the emails are delivered by botnets, with each message coming from different email and IP addresses. The emails also arrive in a fast and furious fashion, often at a mind-boggling rate. In fact, the incoming data is so persistent, that using the email account during the flood is nearly impossible. That, however, is not the ultimate goal of the messages, Mr. Touchette says.<\/p>\n

The real purpose of the messages, says Touchette, is to distract users from valid emails arriving in their inboxes. When identity fraud or theft occurs, it\u2019s not uncommon for receipts and transaction emails to show up, and the sudden onslaught of nonsense mail is a great way to hide these emails amidst the ongoing wave of messages. If a cybercriminal is using your credentials, this method can be an effective way of prolonging the time period before you discover the fraud. Once the crooks are done draining your accounts, they turn off the flood and move on to another victim.<\/p>\n

To make matters even worse, the technique isn\u2019t limited to email. There have been instances of people receiving continuous phone calls, in an effort to keep the fraud departments of financial institutions from reaching the victims. Although the practice of nonsense email is not new, this new approach could be devastating to anyone caught in its web. Security experts point out that this type of campaign is still not a common occurrence, and as such this could only be the beginning of a painful new headache for anyone who\u2019s vulnerable to identity theft.<\/p>\n

There\u2019s another possible angle that the article doesn\u2019t pick up on. Spam filters, like most security monitoring methods, work on a combination of heuristics and libraries that, while far more sophisticated than anything we had ten years ago, is still fallible. That\u2019s what definition updates are for. It\u2019s not a stretch to imagine that these campaigns may be using the botnet messages to confound the spam filters while a fraud is being perpetrated, perhaps in an attempt to get the legitimate receipts and transactions dumped to the junk folder.<\/p>\n","protected":false},"excerpt":{"rendered":"