We all receive spam email. Everyday. Typically they end up in the “spam” folder and we never even get to see them. I never did really care about them and normally erase as soon as possible. This one got my attention as it ended up in my inbox on of my fictive emails (doesn’t everybody has that?) and I decided to play along to see where is everything going.
- relatively ok grammar – he could have tried more with the little details, but overall it’s a well written text. Normally these are poorly written and contain many grammar mistakes
- fancy formulation – he used not-that-common phrases and expressions. +1 for … ?
- pie-in-the-sky effect – ok, so I’m the lucky person to get into this million-dollar “transaction”. How the heck was it me ? Is it because I’m that lucky ? -1 for credibility
What I tried to understand was how people are getting fooled by this. What are the questions that one should ask himself to understand the validity of a message ? Of course, it wouldn’t even come to that if people were sticking to the simple principle of not opening/replying to unsolicited email coming from unknown persons.
Initial email (bait)
Good Day, I am contacting you regarding large deposit of money in my bank in China which I can transfer to you as the beneficiary. The project is without risk having been carefully planned. For more explanation, contact me on the email: email@example.com
It wouldn’t had made sense to copy the entire texts here, so feel free to download the .eml files from below
My goal was to get some more contact info or even a Skype chat with the guy but he didn’t go for it. He even went on and tried to build some trust by attaching a Chinese passport – I didn’t find in ~2 min of googling, so I’m guessing he did some photoshoping himself.
Some tech details
- Initial sender email : firstname.lastname@example.org
- Initial SMTP IP address : 126.96.36.199 (http://www.spamhaus.org/query/bl?ip=188.8.131.52)
- Associated country : Republic of Korea
- Secondary sender email : email@example.com
- Associated country : Singapore
And still trying in 2015 after repeated attempts reported from 2013 ?! They must be running out of ideas or this is actually working.