Spam & Phishing

No Picture

“Ze Foreign Accent” spam is back

Twelve years ago the IT security world was fighting against an unprecedented amount of spam emails. Spam is not and never was just a nuisance; it is a big problem because it slows down the good emails and takes up resources. Together with Virus Bulletin and some antispam researchers from various companies, a list called “The Spammer Compendium” was created.  This list contains methods used by spammers to trick spam filters and to have their emails delivered to the end users. One of the methods listed there is called “Ze Foreign Accent” spam or(BWO!Accent!Plain). The main characteristic of this method is…

Spam with a malicious taste (update)

This post appeared originally in: IT Security blog:   I haven’t seen in a while a well done complex spam with malicious payload. This one appears to be addressed to first name of the email recipient. As you can see in the subject, it is addressed to “SORIN” since my email address is sorin.mustaca@… The spam contains a nice piece of social engineering which creates enough curiosity to the reader to open the attached archive.   The archive is called “Notice_to_appear_in_court_<random number>.zip. The only file in the archive is a JavaScript file extremely obfuscated : Notice_to_Appear_000483082.doc.js. First of all, I asked…

No Picture

Spam impersonating PayPal using attached form

A classical phishing email… Nothing special (same bad English, as always). Dear Valued Customer, Unauthorized access has been detected in your account. Unfortunately, due to this event, our security system has limited the access to your account. Account Limitations prevent you from completing certain actions with your account, such as withdrawing, sending, or receiving money. These limitations are implemented when we see unusual or suspicious activity to help protect both PayPal buyers and sellers. Please verify your account by completing the form which is attached in this email. By doing this, restrictions in your account will be lifted. We apologize…

No Picture

“There’s a new personal notification message special for ” – a scam for “Linked In”

“There’s a new personal notification message special for Sorin Mustaca” is the subject of the email pretending to come from “Automation LinkedInNotifier”. But then, why is it coming from “” ? Come on spammers, you disappoint me 🙂 Anybody can see it is a fake… And “Linked In” ? Not even this is right…   It is just an online pharmacy … from Russia “with a lot of Love”:

No Picture

8. You unsubscribe from spams: 10 signs you should invest in your personal cybersecurity

You unsubscribe from commercial emails that you never requested Remember that spam emails are made to look authentic. This means that they will almost always contain some links which allow you to unsubscribe. But, instead of that they just make you verify that your emailaddress is valid. Don’t unsubscribe! Just mark the email as spam and the email client will do the rest. If you know how to do that, report it to SpamCop or other organizations that deal with spam.  

No Picture

“Ze Foreign Accent” spam returns

Remember the Spammer’s Compendium (where I have a spam method named after me: (UH!Mustaca!HTML))? There is an entry from 2003 called “Ze Foreign Accent“. Back then it was rather primitive, but now it comes in a much improved (if we can say that) form:   The link on “Click here” goes to a Google Drive hosted site which was erased in the meanwhile. Fortunately, GMail detects it as spam as you can see in the picture.

No Picture

How do you react if you receive an email with subject “Your file has been uploaded”?

A spam campaign sending emails from an “Auto ImageService” with the subject “Your file has been uploaded” is making its round on the Internet. The content of the email (see below) is very simple and advertises a link to a photo taken with a digital camera (DCIM stands for Digital Camera IMages) which was allegedly uploaded to some online image service. And now to my question: How do you react if you see such an email in your Inbox ?     I guess, most people would think: “What file? Oh, a photo? Hmm…” And here it goes: – You know…

No Picture

“Your messages will be deleted soon” – Facebook spam

It seems that the most research on social engineering is done these days by spammers. Using the text “You haven’t been to Facebook for a few days, and a lot happened while you were away”, the spam message contains the trigger which will make many people click on the message: “Your messages will be deleted soon” Ohhhh, so, if you don’t click on “View messages” then the messages will be deleted?. This is a good one. To all those who really think that something like this is possible: Stay calm, nobody is ever going to delete your messages. And, Facebook…

No Picture

Stock Spam is back!

Stock Spam is back! Did you miss it? I certainly didn’t…     What is interesting ? All these emails are unique. They are created for each email address and contain a unique identifier like 7b9212dcf62a731709b131d84f6e1cb8ec6e44d0bba47030be135d9f. This shows to me that they are generated using the same spam generator. They are being sent using compromised accounts and servers. Fortunately, GMail catches all of them.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.