Spammers are relentless in their attempts to bypass anti-spam filters and confuse recipients of spam. Recently we detected a mass mailing disguised as an automated reply to a request to unsubscribe from a news blog. The authors noted their regret at losing one of their subscribers and asked if the user really wanted to unsubscribe.
Phrases like "We regret your decision to unsubscribe" do indeed appear in responses sent following requests to unsubscribe. However, some unusual text followed, in which the senders regretfully informed the recipient that they had also unsubscribed him/her from other information mailings on subjects such as:
- Driving licenses without medical certificates
- Bankruptcy procedures for legal entities
- Bank licenses
- Setting up businesses abroad
- Real estate with a 50% discount
These are typical spam topics which, in this case, were disguised as information blocks. Why were the messages so suspicious? Because the senders didn't even mention the name of the blog, site or journal from which the user was supposed to have unsubscribed.
The name of the unsubscribed service wasn't in the sender's domain name either - the address contained only one phrase that translates as "driving license right now" (spammers frequently use words related to the topic of the message in new domains), and the messages were sent in the month the domain was created. There were no links to renew the subscription. It looks like the spammers thought that any interested users would reply to the message and receive a whole variety of spam mailings related to the chosen topic.
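The warning signs listed above can be checked mechanically. The following Python sketch is an added example, not code from the original article: the function name, indicator labels, sample messages, domains and dates are all constructed for illustration, and the domain registration date is assumed to be supplied by the caller (for instance from a WHOIS lookup), since no network query is made.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

UNSUB = re.compile(r"regret your decision to unsubscribe", re.I)  # phrase quoted in the article
URL = re.compile(r"https?://\S+", re.I)

def fake_unsubscribe_indicators(raw, domain_created, subscriptions):
    """Return the article's warning signs found in a single-part text message.
    domain_created: sender domain registration date (caller-supplied assumption).
    subscriptions: {service name: sending domain} the recipient really uses."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    if not UNSUB.search(body):
        return []  # not an unsubscribe notice, nothing to judge
    text = f"{msg.get('Subject', '')} {body}".lower()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sent = parsedate_to_datetime(msg["Date"]).date()
    hits = []
    if not any(name.lower() in text for name in subscriptions):
        hits.append("no_service_named")
    if not any(domain == d or domain.endswith("." + d) for d in subscriptions.values()):
        hits.append("unknown_sender_domain")
    if (domain_created.year, domain_created.month) == (sent.year, sent.month):
        hits.append("domain_created_same_month")
    if not URL.search(body):
        hits.append("no_resubscribe_link")
    return hits

# Constructed sample data: every name, domain and date below is invented.
SUBSCRIPTIONS = {"Example Blog": "exampleblog.example"}
SPAM = """From: info@driving-license-right-now.example
Subject: Unsubscribe confirmation
Date: Mon, 14 Apr 2014 10:00:00 +0000

We regret your decision to unsubscribe. You were also removed from:
- Driving licenses without medical certificates
"""
LEGIT = """From: Example Blog <news@exampleblog.example>
Subject: You have been unsubscribed from Example Blog
Date: Mon, 14 Apr 2014 10:00:00 +0000

We regret your decision to unsubscribe from Example Blog.
Resubscribe: https://exampleblog.example/subscribe
"""

if __name__ == "__main__":
    print(fake_unsubscribe_indicators(SPAM, date(2014, 4, 2), SUBSCRIPTIONS))
    print(fake_unsubscribe_indicators(LEGIT, date(2009, 6, 1), SUBSCRIPTIONS))
```

The constructed spam sample matches all four indicators, while the constructed genuine confirmation matches none.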
An even more insolent mailing stated that for a certain amount of money the spammers would tell the recipient how they found out his/her email address and why the mailbox was full of spam messages. The information cost just $3.50. In order to pay for the information, the user had to click a link at the end of the message.
The link led to a site called End of Spam, where the user could view a full price list. For instance, the user could remove his/her email address from spam mailing lists for a $1.50 payment via PayPal. Information on how the spammers found out about the user's email address cost $3.50. The fraudsters reminded the user to state their email address so that they "know which email address to unsubscribe".
All of the links led to a PayPal page with a preset payment form. If the user was already logged in to PayPal, he/she simply had to click the "Buy Now" button and transfer his/her money to goodness knows where.
Of course, this is unlikely to halt the spam mailings - it's hard to believe that the senders know all the spammers in the world and can stop their mailings at the request of a user. Besides, once the money has been transferred, the stream of unsolicited correspondence may even increase, because the address has been confirmed as valid and the user's naivety has been noted. In the worst-case scenario, the user's personal data from the payment could be used.