I have a lot of security delicacies “on my plate” but SPAM isn’t one of them. Back at the salt mines, that’s someone else’s problem. Suffice to say I’ve ignored the subject for years, considering it’s fairly well handled by all the Web mail accounts I have floating around (Yahoo, Hotmail, Gmail, et cetera).
I never even look at the stuff.
However, there is this woman – let’s call her “Helen Dink” – who is no relation to me but by some strange quirk of fate we share the same ISP. She believes her e-mail address is hdink@myisp.com, but it’s not. That’s my email address. I’ve had that address for almost ten years now, but whenever she goes to fill out Web forms online she plugs in my email address!
So I get a lot of her email.
This has been going on for at least five years. I know more about this woman than I want to (yes, she’s a Facebook user). Her friends constantly send me email about a variety of crap, from Girl Scout meeting notices to recipes and the like. It’s incredibly annoying and for the past few years I’ve been writing them back and letting them know, in no uncertain terms, that I am not “Helen Dink” and to please remove my email address from their “Contacts” folder.
So today I got an email from “Andrea Wilson”, a normal-sounding American name. Thinking it’s one of Helen’s buddies I open it up in order to send my standard reply to these things.
But it’s not. It’s a 419 scam email…
I am Golan Bradley a staff of Natwest Bank, I am pleased to pass across to you a very urgent and profitable business proposal which I believe will profit the both of us after completion. I will await to receive a positive response from you to enable me give more details Please send your confidential telephone and fax number in your reply to: golan.bradley@removed.com Golan Bradley (Mr.)
The security wonk inside me kicks in and I decide to look at the SMTP headers, thinking I’d be able to track it back to Nigeria or Cameroon (hi, fellas!).
But the headers were extremely legit. The email went through 2 Exchange servers, a Symantec Brightmail Gateway (an anti-SPAM device), and a ZIX encryption device before ending up at my ISP.
“Andrea Wilson” turns out to be a Real Person™ who works at a hospital in Texas. And, not surprisingly, she’s an active Facebook user. Obviously her workstation or laptop or whatever had been summarily pwn3d and was being used to deliver 419 SPAM for person or persons unknown.
Well, that’s her problem.
I briefly toyed with the idea of writing her back and suggesting she have the IT department check out her box, but that’s a notoriously bad idea and generally frowned upon (this comes from the heyday of email viruses, when sending a “HEY ASSHOLE YOUR COMPUTER HAS A VIRUS” email only served to exacerbate the problem).
Maybe I’ve been away from SPAM for too long, but it seems unusual to see legitimate SMTP headers from an obviously corporate environment, considering that lately the vast majority of SPAM comes from Yahoo, Gmail, Hotmail, et cetera.
Everything old is new again.
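The header walk described above, as an added example that is not part of the original post: it reads the Received chain oldest-first and checks that each hop hands off to the next and that the first hop sits inside the sender's own domain, which is what points to a compromised internal machine rather than a spoofed sender. The message, hostnames and addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: two Exchange hops, an anti-spam gateway, an encryption
# gateway, then the recipient's ISP. Every name, IP and time is invented.
RAW = """\
Received: from zix01.hospital.example (zix01.hospital.example [192.0.2.40])
\tby mx1.myisp.example with ESMTP id A1; Tue, 02 Mar 2010 09:15:09 -0600
Received: from brightmail.hospital.example ([10.1.1.30])
\tby zix01.hospital.example with ESMTP id B2; Tue, 02 Mar 2010 09:15:07 -0600
Received: from exch-hub.hospital.example ([10.1.1.20])
\tby brightmail.hospital.example with ESMTP id C3; Tue, 02 Mar 2010 09:15:05 -0600
Received: from exch-mbx.hospital.example ([10.1.1.10])
\tby exch-hub.hospital.example with mapi id D4; Tue, 02 Mar 2010 09:15:03 -0600
From: "Andrea Wilson" <awilson@hospital.example>
To: someone@myisp.example
Subject: Business proposal

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops(msg):
    """Return Received hops oldest-first as (from_host, by_host, datetime)."""
    out = []
    # Each server prepends its header, so the last one in the file is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m or ";" not in value:
            continue  # malformed hop: skip rather than guess
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        out.append((m.group(1).lower(), m.group(2).lower(), stamp))
    return out

def analyse(raw):
    msg = message_from_string(raw)
    chain = hops(msg)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    origin = chain[0][0]
    pairs = list(zip(chain, chain[1:]))
    # Caveat: only the newest hop, written by your own server, is trustworthy.
    # Older hops are claims; a contiguous, time-ordered chain makes them plausible.
    return {
        "path": [f"{f} -> {b}" for f, b, _ in chain],
        "origin_in_sender_domain": origin == domain or origin.endswith("." + domain),
        "chain_contiguous": all(a[1] == b[0] for a, b in pairs),
        "timestamps_ordered": all(a[2] <= b[2] for a, b in pairs),
    }
```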