Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":68,"date":"2014-05-22T17:56:21","date_gmt":"2014-05-22T17:56:21","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=68"},"modified":"2019-04-17T12:24:49","modified_gmt":"2019-04-17T12:24:49","slug":"tumblr-succumbs-to-chain-spam-scam-crayon-makers-cheer","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2014\/05\/22\/tumblr-succumbs-to-chain-spam-scam-crayon-makers-cheer\/","title":{"rendered":"Tumblr Succumbs to Chain Spam Scam; Crayon Makers Cheer"},"content":{"rendered":"

The popular reblogging site Tumblr has seen a marked uptake of users roped-in by a threatening message, according to GFI Labs\u2019 Jovi Umawing.<\/p>\n

$\"crayons\"$ Did you ever wonder why spam scammers waste their time barraging people with messages that seem, well, just plain dumb? Surely they aren\u2019t doing it because, for the sake of their health, the spammers\u2019 doctors told them to get out and annoy people three times a week. So we\u2019d like to think, anyway. But the level \u2013 or lack thereof \u2013 of ingenuity seems to prove the point that these guys aren\u2019t the sharpest pencils in the box. Take a look at some evidence, this from Pedro:<\/p>\n

FROM: Pedro
\nSubject: CONGRATULATIONS!!<\/p>\n

Dear Email Owner,<\/p>\n

We happily announce to you the Email Support Programme results which you were declared a winner in the Email Draw Category. You have therefore been approved to receive the sum of \u0402500,000.00EUROS. To receive this prize money, send an email Mr Carlos Pedro. Mr. Carlos is expected to process your prize payment immediately he receives an email from you confirming receipt of this message.<\/p>\n

Email: (address removed to protect the guilty)<\/p>\n

Not very personal, is it? Or well thought-out. Is this from Pedro or not? If so, why does he refer to himself in the third person? Is Pedro his first or last name? Depending on where you read, it is both. And why all the generosity? As of this morning \u2013 if my Junk e-Mail folder has anything to say about it \u2013 I am worth more than Bill Gates and Steve Jobs combined. And here I thought I had to work for my money. Of course, the tricky part will be collecting all my riches.<\/p>\n

Seriously, why? Why would (does) anyone buy into the sheer stupidity? Clearly, this is junk, sent with no actual identification or acknowledgement of the recipient. To some, sending this may seem like futility to the point of being ludicrous. Why would anyone waste their time constructing and sending something that looks like the first draft was done in crayon, right after recess and just before nap time? In fact, this very real spam email, sent from an obscure address and without a lot of redeeming things to say about it, is totally harmless by virtue of its lack of imagination. If a barometer was the measuring device, this message would indicate sunny days ahead.<\/p>\n

But when spammers get it right, the barometer spikes to unprecedented levels: showers with a chance of Armageddon. Take, for example, an interesting article<\/a> written by GFI Labs\u2019 Jovi Umawing, who blogged this week about the popular site Tumblr.com<\/a>, and how it has been inundated with a Tsunami-like wave of users who, upon receiving a message that threatened to cancel their accounts if they didn\u2019t click, did just that. They clicked. As of May 16th, that amounted to more than 137,000 of them.<\/p>\n

If you\u2019re not familiar with Tumblr, it\u2019s a site that\u2019s part blog, part social media. In fact, as Umawing reports, \u201cit’s not exactly like Twitter, nor is it a Facebook or a YouTube. It does a little bit of all three, actually, and for many Tumblr is in a league of its own.\u201d<\/p>\n

Tumblr is a reblogging site, which means that users, upon reading or seeing something that they think is worthwhile, can repost to their own wall. According to GFI\u2019s Umawing, that functionality \u2013 easy to use and light on the number of clicks \u2013 makes sites like Tumblr a perfect target for spammers. This week, The Register picked up on the story, stating<\/a> that, \u201cthe fake messages falsely warned that \u2018your blog will be deleted unless you repost this\u2019 note, which claimed that Tumblr was drawing up a list of inactive profiles.\u201d<\/p>\n

The spammer\u2019s biggest tool in his arsenal is fear, and it seems that Tumblr users stumbled right into the trap. In fact, the Tumblr spammers seem a little more savvy than Mr. Carlos above, seemingly keying in on the fact that Tumblr\u2019s interface doesn\u2019t allow for easy flagging of the scam. According to The Register, \u201cthe Tumblr chain letter took advantage of a shortcoming in the reblog function on the site that meant that more clued-up users could only warn about the scam by reposting the dodgy message themselves.\u201d<\/p>\n

\u201cEven then,” writes GFI\u2019s Umawing, “those users had to reblog the message so they could leave their \u2018This is fake\u2019 comment – a Tumblr<\/em>restriction, you usually have to reblog to leave a comment – which doesn’t exactly help matters.\u201d The Register quotes Umawing as saying that, \u201cthe only way users can really warn others is by adding a note to the comments, and the only way to do that is to reblog the original message, thus spreading it further.\u201d<\/p>\n

Now, this is nothing new. Facebook and Twitter have been targets for a long time, with some<\/a> success<\/a>. It\u2019s not remarkable that another social networking site has been targeted for spamming, or even that a relatively large number of users took a giant bite out of it, hook, line and sinker. It\u2019s not even remarkable that a flaw, albeit minor, in Tumblr\u2019s interface actually added to the problem by helping propagate the spread of the spam. Facebook, in particular, has come under scrutiny for its moving target of an interface and ever-changing security levels. No, what makes this story interesting is just how remarkably simple it is to entice people to click. It doesn\u2019t have to be elaborate. It doesn\u2019t even have to be sophisticated. It just has to scare them a little.<\/p>\n

I, for one, hope that the Mr. Pedros of the world don\u2019t pick up on just how truly easy it is. The run on crayons might cause a worldwide shortage.<\/p>\n","protected":false},"excerpt":{"rendered":"