Sophisticated Spam Attacks

In a recent status on Facebook, I remarked how spam started to act slightly intelligent, making use of my surname to give it a sense of authenticity.

Still, it is miles away from anything that looks remotely realistic. What’s the chance anyone wins a $1 billion lottery from a relatively unknown bank in the middle of Africa?

The exaggerated story, together with middle-east names and terrible spelling/grammar mistakes makes spam relatively easy to:

  • identify intelligently
  • filter by looking at common patterns


If I were a spammer, what would I do?

First of all, find a real story writer. Even my 9-year-old sister could come up with believable stories.

Secondly, make sure the writer knows the language. It can’t be that hard in this era…there are plenty of online proofreaders around!

Thirdly, bulk email lists are overrated. Think of every victim of yours as a potential customer; so you need to “advertise” your service in a way the user must really fall for.

For example, I noticed that loads of people leave out email addresses in source code hosted on github/bitbucket/etc. One can easily link up the full name and email in the source with, say, a Linkedin profile. If, for instance, you know this particular person is a fan of PHP, send him/her an email regarding a PHP-script-writing competition he just won! 😀