Stardate 60632.91 - Smart Spam? Not So Much.

Spam is getting smarter and smarter. They are embedding the entire message in a graphic, they are using more and more legitimate sounding subject lines, as well as various other techniques to by-pass the spam filters. I seem to be in the middle of a mini-surge of it right now.

I got an e-mail on Friday that, at first glance, appeared to be legitimate. It had a Word document as an attachment, but the subject line, text, and From lines all appeared normal (at first glance). Here is the e-mail, minus the key spam indicator (I've also deleted my e-mail address):

So lets review:
  1. Subject line is legitimate. I get invoices from subcontractors and they frequently have subject lines very similar to this one.
  2. From line is legitimate (mostly, but more on that later). It has a reasonable-sounding name.
  3. Body text, while sparse, might be what you would expect some type of automated system to spit out, so while questionable, it could be legitimate.
  4. Attachment is a word document of reasonable size to be an invoice, with a legitimate (while obvious) name.
Here is where I got suspicious:
  1. The e-mail address it is to is my personal address. It was not my work address (all my e-mail comes into a single tool, so I only know work vs. home by the To: line).
  2. I didn't recognize the name on the From: line as anyone from subcontracts or any of the organizations I work with.
Then I looked at the expanded e-mail address on the From: line:

Carlene Sanders []

Yep! Spam!

Lesson: If you are going to all the trouble to make everything as legitimate as possible, don't use fuck-her-melons as your fake domain name.



