New stock spam?! Are you insane? [CSOC.OB]

Over the past two days, only my spam-fighting email addresses have begun to receive a ridiculous amount of stock spam promoting a company called Caduceus Software Systems Corp. Stock symbol CSOC.OB.

Unless this individual has a serious desire to join Al Ralsky in prison, I fail to see the attraction of trying a new stock spam campaign. Ever since Al Ralsky's arrest and conviction, and especially after the SEC's shaming after the Bernie Madoff affair, the attention to this type of fraud has gone up significantly. This is a particularly stupid and very public move on behalf of this moron spammer.

But it also indicates a few things, just as stock spamming has for years.

Stock spamming has routinely been a "quick fix" replacement for any other type of spam campaign which gets shut down or severely hindered. In 2006 prior o the shutdown of AffKing and the indictments and fines against Shane and Lance Atkinson, numerous spammers promoting AffKing would switch immediately to stock spamming whenever the money dried up for any AffKing spamming, or especially when AffKing had to lay low to fix one or another problem. You could practically set your watch to it, it was that consistent.

My recently developed Nigerian ScamerAtor™ is a tool that I had been using for a long while to report up to 200 or so Nigerian scamming email addresses. I ramped up my own reporting over the past four months, and decided to make that tool public. Is it a coincidence that I now see stock spam so soon after putting that utility into the public domain? (Probably.)

The good news is: stock spam means that the spammer probably lost money, or is in the midst of losing money. It may also indicate a wish to get caught. (As mentioned: this is a particularly stupid thing to do as a spammer.)

Never buy a stock promoted by someone you've never heard of, especially if they're sending you 70 - 100 spam messages over only a few hours.

Note also that they have done some Google-jacking to make sure any mention of this company only shows articles which support the spam campaign. This indicates that this is an experience stock spammer. I wouldn't be surprised to hear that this somehow relates back to the same crew that Ralsky was using for years.

To whoever you are: good luck in jail.

SiL / IKS / concerned citizen

The Nigerian ScamerAtor™!

The Nigerian ScamerAtor™!

Over the past ten years or so I have been sporadically reporting "Nigerian Scam" spam messages to the email vendors these criminals abuse.

I'm going to assume that you know what a Nigerian Scam is. They've been in existence since the mid-90's, and they re-use a lot of the same ruses to entice their victims to part with some - and in some cases nearly all - of their money. Many of you may remember my experiment over the past two years to tabulate how much I would have "won" from these alleged inheritances, lotteries, funds and other ridiculous scams. I also kept tabs on how much I would have "inherited" or "won" from November 2009 to the end of 2010. The final total was $100,319,915,673.22 USD (100.3 Billion dollars.)

In November 2008 I wrote a detailed posting describing how anyone could report these scam messages, and about the reliability and timeliness of the responses and cancellations of these offending accounts. At that time, Hotmail and Yahoo were two of the worst at getting accounts removed which were actively being used in this patently criminal activity. Fast forward to today - and especially the past six months - and that situation has greatly changed for the better.

Hotmail is now cancelling these offending account in as little as ten minutes of receiving my report. This is a huge, huge difference and I applaud this drastic change in their responses to these reports. I would report a new scammer's Hotmail / MSN Live Mail account within a few seconds of receiving one of them, and 10 - 15 minutes later it would be shut down.

It's important to note that they won't shut down just any account. You have to explain to them why the account is being used fraudulently, and explain where in the message the offending account appears. If your reporting to them is consistent, they shut the account down, simple as that.

Per day, I was receiving from 60 - 80 of these scam messages every single day. Once I started cc'ing the criminal's account on my reports, that account saw a precipitous drop in the volume of Nigerian Scam spam messages received every day. Now it's one or two a day. For that account, Nigerian scam messages are the only spam it receives. All the pharmacy spammers gave up on that account two years ago.

I also received a small handful of replies from the criminals on the other side of these accounts. Some of them demanded that I stop reporting them. I replied that they shouldn't have me in their lists in the first place. Some boasted that this would do nothing, that they would just create thousands of other new accounts. But then after a few weeks I received another message pleading for me to stop. All of this indicates that these reports work, even if it's just one person doing them.

So I decided to create a tool that automates the creation of these detailed reports so that a lot more people could join me in trying to put a major dent in this malicious activity, and I called it the Nigerian ScamerAtor™.

You can download it here:

http://www.spamtrackers.eu/downloads/files.php?fid=90
[Link last updated Jun. 24th, 2012 - v.1.6]

Instructions:

• Download the file
• Unzip the file
• Open the html file in a browser of your choice (as always, I recommend FireFox.)
• Choose the email vendor this criminal is abusing from the drop-down list.
• Enter the offending email address
• (Optional) Choose which fake scenario this criminal is claiming to present. (Lottery, fund, FBI, UN, etc.)
• Choose where this email address appears (headers, body, both.)
• Enter the message headers
• Enter the message body
• Click on the "Go!" button
• A message will be generated for you including the "to", "subject" and a detailed message for the abuse team you wish to send it to.
• Copy that into an actual email and send.

I'm discovering that some of the lesser-known of these email vendors - Blumail.org, Superposta, Globomail, etc. - are far less responsive, so it's unclear whether this will ultimately have any effect at all on these messages, but I figure with more volume of these complains coming in, somebody would have to take notice.

Both Gmail and Yahoo now only process these abuse reports via online forms. No emails, period. They also do not respond to any reports but I did some randomized testing and it appears that within 24 hours the reported accounts are indeed terminated. I wish that they would be more communicative of this but at least they do shut the accounts down.

I welcome responses as to further features you think this tool could use, and especially any reports of major successes.

As always, thanks for reading.

SiL / IKS / concerned citizen