Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Spam Businesses The Almighty Buck

Spam Is Back (theoutline.com) 154

Jon Christian, writing for The Outline: For a while, spam -- unsolicited bulk messages sent for commercial or fraudulent purposes -- seemed to be fading away. The 2003 CAN-SPAM Act mandated unsubscribe links in email marketing campaigns and criminalized attempts to hide the sender's identity, while sophisticated filters on what were then cutting-edge email providers like Gmail buried unwanted messages in out-of-sight spam folders. In 2004, Microsoft co-founder Bill Gates told a crowd at the World Economic Forum that "two years from now, spam will be solved." In 2011, cybersecurity reporter Brian Krebs noted that increasingly tech savvy law enforcement efforts were shutting down major spam operators -- including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam. These efforts meant that the proportion of all emails that are spam has slowly fallen to a low of about 50 percent in recent years, according to Symantec research.

But it's 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven't helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls.

This discussion has been archived. No new comments can be posted.

Spam Is Back

Comments Filter:
  • by Anonymous Coward

    And it's a spam caller, I set the phone down and wait for the call to end. Make those guys use some of their resources.

    • by ShanghaiBill ( 739463 ) on Monday November 20, 2017 @12:04PM (#55587863)

      And it's a spam caller, I set the phone down and wait for the call to end. Make those guys use some of their resources.

      I receive more and more calls that are voice-recognition bots. They ask questions, and are programmed to respond to the replies. If I go "off script" and start asking questions or giving nonsensical replies, they will loop a few times and hang up. They will also loop and then hang up if I just stop replying.

      If your caller is one of these bots, then they aren't using any human time. If you want to cost them, you need to give a few "right" answers so you can be transferred to a human.

      These bots are clearly the future of robo-calls. They will get more sophisticated, and it will get harder and harder to tell that you aren't talking to a human. The obvious countermeasure is to have your own bot answer your phone and screen your calls before passing them on to you.

      • The obvious countermeasure is to have your own bot answer your phone

        That's what I do. If I don't recognize the number, I'll let the answering machine take the call.

        • by Anonymous Coward

          Yep, I started screening all my calls as well.

          One interesting tid-bit, is they seem to like to match my area code, and the first 3 digits of my number when calling, I guess to make the number look more authentic? To me it's a suspicious coincidence that tips me off.

          Here's the funny thing though:
          I let it go to my machine, and my message is setup to piss people off.
          "Hello? ... ... ... I'm not here right now... etc."
          Before I set it up my voice mail, they would just hang up if it went to VM. Now I often times g

          • by Rakarra ( 112805 ) on Monday November 20, 2017 @12:50PM (#55588321)

            One interesting tid-bit, is they seem to like to match my area code, and the first 3 digits of my number when calling,

            I have noticed this quite a bit as well. My default assumption now when I see my area code and the first 3 digits of number on CallerID is that it's a spam call, and I don't answer. The call-number spoofing problem has gotten out of hand.

            • I do the same as I have moved 4 different times since I received my cell number. So unless it comes up as family I ignore it.

              Each time I moved it was to a new area code.

            • Would love to get a dialer option to reject the low-hanging fruit that is (xxx)yyy-nnnn with a single checkbox. Unfortunately phone companies make some cash on blocking features such as autoblock hidden numbers (aka private callers) and that's something I've only seen on landline providers anyway. My cell company used to have a web-customizable SMS spam blacklist but it mysteriously went away

              Sucks that I also can't blacklist numbers until AFTER they've called... Regex functionality would be nice, and the be

      • I set my default ring to silent, and only give an audible ring to those I know. If I ignore a genuine call they can leave me a voicemail. I put ignored calls on my auto-refect list.
        I wish Verizon would allow two default rings, one for callers on your contact list, and one for other callers.

      • That's why I answer calls from unrecognized numbers in Classical Latin. Nobody programs bots for it. Hell, nobody programs PEOPLE for it - it's not in their script anywhere.

        And it's a really beautiful language for telling people to go fuck themselves in.

        • Do tell, "How shall we fuck off, oh Lord?"
          • It's mostly that Latin has a bunch of different words for "fuck", not just one, and they vary by "configuration". It's like if we had words for "ass-fuck" and "face-fuck" without having a general "fuck".

            So one might say "pedica se", to tell them to go fuck their own ass (with an implication of pederasty), or "irruma sororem tuum", to tell them to go skull-fuck their sister (or possibly cousin, because the Romans had weird priorities when it came to giving things words). You've also got "cevere" for "get fuc

      • whitelist. Unless I know you already, you are a spammer.

      • > The obvious countermeasure is to have your own bot answer your phone and screen your calls before passing them on to you.

        LOL... if I had some robot screening my phone calls when I call my friends, they wouldn't be my friends anymore.. seriously... only a nerd can think of something like this and get away with it.
    • by ls671 ( 1122017 )

      I have a personal database of spam callers and when such a number calls, I just pretend the phone rings but it doesn't. After a while, they are sent to a spammer voicemail box that sounds just like my real one. I review this voicemail box once in a while just in case since I also send anonymous caller there.

      I have a special number that I only give to people I know that have anonymous showing up as their callerID. They need to enter a special code on top of this to join me.

      I don't answer when I don't recogni

  • by magarity ( 164372 ) on Monday November 20, 2017 @11:48AM (#55587673)

    Does anyone else get these a lot on their cell? It seems as if Mr. Likely calls me daily. I wish I could just block him but he changes number frequently.

    • I believe that's a feature of the T-Mobile network. I don't know how it works, but I like it!

      • I believe that's a feature of the T-Mobile network. I don't know how it works, but I like it!

        Some people have apparently even mis-credited Apple [payetteforward.com] for the feature.
        Unfortunately all these features ("Scam ID" and "Scam block" and "Name ID") require a post-paid plan to work - https://explore.t-mobile.com/c... [t-mobile.com]

        Their Prepaid service has a static monthly price tag but lacks Visual voicemail and the above features.

  • I never knew it decreased. When I check, I see that I still get tons, but my spam filters keep it at bay for the most part. If anything, the new kind (random phone calls on my cell/mobile everyday) is even worse than the old kind.

  • We need a micropayment system where all messages contain some payment. I then set my email reader to only preserve messages that contain at least 10 cents. My friends can pony up that money if they want me to read something.

    And do not post the "why your email solution won't work" check list. That is perfect being the enemy of good.

    • Get Google to implement it with Google Pay, and integrate it into Gmail. Other email services could opt-in using secure payment tokens in email headers.

      The micropayments should roughly balance... just not for spammers.

      Emails which don't include a micropayment can continue to be spam-filtered as usual.

    • >And do not post the "why your email solution won't work" check list.

      So you already know your solution won't work, you've been told many times, and yet you still propose the same, unworkable solution.

      Why?

    • What happens when the spammers have a larger email budget than your friends?
    • Great idea! You first. Set up a server and start by paying other people to read your E-Mail.

      I'll wait.

    • by Anonymous Coward

      Your post advocates a

      ( X ) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the mo

    • We sort of have that with Outlook creating a postmark which served as a proof of work. However, with spammers having plenty of CPU cycles available, this seems to have been phased out.

      What might be interesting might be a proof of work system with a very small granularity, so one could mine a unit of currency with a relatively small amount of CPU spent, and then send that as part of the E-mail. That way, one could set E-mail thresholds fairly easily, and even if the message was crap, it at least added some

  • Retrain DEA agents to go after spammers.

  • by Entropius ( 188861 ) on Monday November 20, 2017 @12:00PM (#55587809)

    Junk paper mail -- the local grocery stores all sending out circulars to "current resident" telling me how much ham costs -- is a worse plague than anything electronic. There are no laws against it (since the USPS gets cash from the spammers), there's no way to filter it (since it's physical), you're required to constantly check it (or else the box gets full and USPS gets butthurt), and you can't stop using that communication channel (since the government uses it, and if you don't get their shit then they get butthurt and they have guns).

    I suspect that the drain on the environment from paper spam is orders of magnitude higher than for e-spam, too.

    • by Anonymous Coward

      Paper spam at least can be useful for tinder, protecting surfaces while doing dirty work, stuffing into shoes and many more. Can't say the same for electronic spam.

    • My trash and recycling cans are near my mailbox, I subscribe to several magazines and one newspaper. The junk mail goes directly into the trash. The USPS has a special rate for junk mail, bulk rate that costs much less than what you or I pay to mail a letter or bill. So I pay twice-once for the junk subsidy and again for a 49 cent stamp. Screw that. https://pe.usps.com/businessma... [usps.com] .
    • by Anonymous Coward

      1 simple law and a sticker on the mailbox solve this problem effectively. http://community.expatica.com/... [expatica.com]

    • by sinij ( 911942 )
      Have you tried "Please no junk mail" label in/on your mail box?
      • Yes, and I've tried talking to the post office and mail carrier. They insist that they are being paid to deliver junk mail and that no action on my part can make them stop delivering it.

        • by sinij ( 911942 )
          I think additional social engineering could help you find a solution. Is it possible for you to have two mail boxes, one for junk mail and one for addressed letters? Perhaps they would do sorting for you?
        • I've tried talking to the post office and mail carrier. They insist that they are being paid to deliver junk mail and that no action on my part can make them stop delivering it.

          That's not true: there's a way to stop them, if you want to take the trouble to implement it. You might have to google around for it, but I'll provide a link to get you started.

          So, basically, your post office has a form that you can fill for blocking "erotically arousing or sexually provocative" junk mail: PS Form 1500.

          You must be

    • I solved this problem by physically removing my mailbox, and having all my mail sent to my office. I still get crappy catalogs and occasional credit card offers, but all the bulk mail junk is gone as they don't deliver it to business addresses. But I do now have to constantly explain to exasperated people that I'm not some kind of Ted Kaczynski style freak simply because I have no mailbox at my house.
    • by jonwil ( 467024 )

      I actually like getting the junk mail. More than once I have seen something in the junk mail that has caused me to go to a different supermarket that's further away because they have meat or other things at a significantly cheaper price than either of my local supermarkets.

    • by Trogre ( 513942 )

      It's like your entire country has never heard of No Junk Mail stickers.

      Amazing.

    • I get two types of junk mail: local (from super markets, local businesses, etc) and national (jewelery, clothes, etc). Both types include a phone number to call to get removed from these mailings. I tried. It worked. No more junk mail.
  • Spam never went away (Score:5, Informative)

    by damn_registrars ( 1103043 ) <damn.registrars@gmail.com> on Monday November 20, 2017 @12:03PM (#55587851) Homepage Journal
    The spam never changed much, we just put more money and time into pushing it away. Now those efforts are failing in more obvious ways - the ways that those of us who were paying attention knew would happen.

    Filtering cannot solve the spam problem, as it only creates a race to the bottom of the signal:noise ratio. Spammers keep working on ways to get around filters by changing how they craft their messages; eventually making it so that more emails that should pass are not - at which point people start to complain that the filters aren't working.

    Similarly, law enforcement cannot solve it either unless there is a single set of international laws against it that apply to all people equally regardless of where they or their targets are. Obviously this will never happen. People call for all kinds of terrible things to be done to spammers but not only will that not happen it won't make the situation better as there is a nearly endless supply of spammers out there ready to fill the void.

    The only thing that works is to approach spam as the economic problem that it is. We need to stop pretending that spammers send out spam to piss people off; that is one of the dumbest lies on the internet. Spammers send out spam to make money. If you don't want spam, you need to do something to prevent spammers from getting paid. Cut off their cash flow and they go on to doing other things with their botnets instead.
    • by H3lldr0p ( 40304 )

      The only thing that works is to approach spam as the economic problem that it is. We need to stop pretending that spammers send out spam to piss people off; that is one of the dumbest lies on the internet. Spammers send out spam to make money. If you don't want spam, you need to do something to prevent spammers from getting paid. Cut off their cash flow and they go on to doing other things with their botnets instead.

      Or find way to employ the people who create spam such that the creation of said spam is less economically tenable. The idea of targeting them economically is a great idea but instead of doing so in a way which will leave them poorer why not try to employ their creativity in ways which benefit everyone?

      It might be harder but it would seem like a better choice for long term stability. Set a trend which demonstrates how spam creation doesn't lead to the fulfillment desired and you've now cut off air to the nex

      • The only thing that works is to approach spam as the economic problem that it is. We need to stop pretending that spammers send out spam to piss people off; that is one of the dumbest lies on the internet. Spammers send out spam to make money. If you don't want spam, you need to do something to prevent spammers from getting paid. Cut off their cash flow and they go on to doing other things with their botnets instead.

        Or find way to employ the people who create spam such that the creation of said spam is less economically tenable. The idea of targeting them economically is a great idea but instead of doing so in a way which will leave them poorer why not try to employ their creativity in ways which benefit everyone?

        That is a noble idea but it requires knowing who the spammers are and getting through to them on some sort of personal level. If you make it so that they cannot pay their bills by creating and sending spam, wouldn't you accomplish a similar end? I don't seek to harm the spammers though I do acknowledge that some of them are pretty awful people [krebsonsecurity.com], who I probably don't want to associate too closely with.

        Perhaps if we could incentivize more beneficial applications of their talents, then we could get there

        • by H3lldr0p ( 40304 )

          Indeed, my suggest relies heavily on some assumptions that may not bear out after further examination. Such as the spam isn't being conducted by a state actor for propaganda or other nefarious reasons. Which certainly exists and presents an entire different category of problems to handle.

          It seems like the first step to any solution would be to see who exactly is doing it.

          • To be fair I was taking - perhaps narrowly - the view of spam as being limited to the commercial variety that wants to sell shit. Indeed we know that there are other types of unwanted mail that get categorized as spam (even if they are not attempting to sell any product for money). Those are somewhat a different matter though if they are being propagated through traditional spam channels then the same economic approach could well apply.
        • That is a noble idea but it requires knowing who the spammers are and getting through to them on some sort of personal level.

          Agreed. My guess is that the vast majority of people are clever un(der)employed Africans and Eastern Europeans who don't give two shits about using their knowledge for public welfare. They are either greedy organised criminals or people wanting to put food on the table for their families. Unfortunately, spam is one phenomenon emerging from a multifarious global social problem (poverty on the one hand, brilliant physicists/mathematicians/computer scientists who lost their jobs when the USSR collapsed on the

  • Private numbers are the ones which piss me off. There's no reason someone should be able to call my cellphone without me seeing their number, I always file a police report for harassment when it happens.
    • Even worse--fake numbers. Only real numbers should be allowed on caller ID. At least there you have some chance of blocking and someone who constantly changes their phone number can be identified as a potential spammer/scammer.

  • I get spam. No idea if it is more or less than what it used to be. But no robocalls since ever. I believe that has to do with how things work in Europe (Belgium in my case)
    It is forbidden to sell customer data. You can also only send commercial information if you are a customer of a company. The law is a bit vague about when you stop being a customer. e.g. if you bought a car, when will they stop sending stuff without you asking them to stop it, is not really predefined. Just asking to stop will be honored

    • Over here in the Netherlands, companies can place unsollicited calls, but there's a national "do not call me" register that is respected by pretty much all Dutch companies. Similarly, there are stickers for the mailslot to indicate whether or not you want unsolicited crap and/or the free local newspapers, and those are respected as well. Pretty much all spam from European companies comes from firms that got your email address through legitimate means, e.g. you ordered something from them, and all contain
  • by 93 Escort Wagon ( 326346 ) on Monday November 20, 2017 @12:21PM (#55588021)

    It never left... at least, if my email is at all representative.

    Really the only thing CAN-SPAM changed is that, now, the spam I get mostly contains "unsubscribe" links which take you to a non-functional web form (on those rare occasions I even bother to check).

  • Spam never went away, it just moved: consider the many fraudulent advertisements scatted throughout the web. Same desired outcome, different medium.
  • I was signed up to Change.org's mailing list at one point. They would send out email alerts with links to petitions, sometimes from other progressive orgs. When you signed those petitions, you were automatically added to those other org's mailing lists.

    After about a week of this, something like 30% of my email was petition requests.

    I understand that getting the message out and making people aware of certain issues is important, but that just completely turned me off and I am no longer subscribed to ANY of those orgs.

    I also realize that these particular emails are not *technically* spam, since they do notify you in the fine print at the bottom of the petition, but my point is that these types of emails have become the new "spam" for me. Gmail filters the "normal" spam for me. I never see it, but these chain-mailing-list progressive orgs have got to stop. "Hey, thanks for signing that petition! As a reward, here's another progressive mailing list subscription for a cause you don't really care that much abut!" The one GOOD thing about these is at least they obey unsub requests.

  • ...As if I didn't already know.

  • Robocalls (Score:5, Informative)

    by duke_cheetah2003 ( 862933 ) on Monday November 20, 2017 @12:56PM (#55588367) Homepage

    About the only spam that bothers me is the robocalls. They are getting pretty bad. It ranges from 1-5 calls a day now. Very obnoxious. Do-not-call does seem to help, but the idiots who implemented that, it's expires after like what 6 months or a year, I dunno, but as soon as it expires, the calls skyrocket like the same day.

    What I'd really like to have on my smartphone is a whitelist for callers. I'm just done with these idiots. Not in my contact list: shunt to voicemail and pretend it never happened.

    • by Anonymous Coward

      Do-not-call does seem to help, but the idiots who implemented that, it's expires after like what 6 months or a year, I dunno, but as soon as it expires, the calls skyrocket like the same day.

      The FTC Do Not Call Registry does not expire [ftc.gov]. What you may get is idiot companies thinking it does, or spammer groups adding you to their list without checking the list. Report violations [donotcall.gov]. The FTC really doesn't have any way to go after violators if they aren't reported. It's rather quick to do online, and in my experience it does help eventually. (I imagine with enough people reporting a certain robocaller, the FTC eventually tracks them down and fines their ass into oblivion.)

      • Do-not-call does seem to help, but the idiots who implemented that, it's expires after like what 6 months or a year, I dunno, but as soon as it expires, the calls skyrocket like the same day.

        The FTC Do Not Call Registry does not expire [ftc.gov]. What you may get is idiot companies thinking it does, or spammer groups adding you to their list without checking the list. Report violations [donotcall.gov]. The FTC really doesn't have any way to go after violators if they aren't reported. It's rather quick to do online, and in my experience it does help eventually. (I imagine with enough people reporting a certain robocaller, the FTC eventually tracks them down and fines their ass into oblivion.)

        Pardon me a moment while I laugh hytserically. OK, all good. You really think Trump's FTC is going to give a flying F? They're probably working to dismantle the do-not-call list.

    • There are a few apps which will do this. I stopped using them though since they are add-ons, which means the call will still come through and generate a missed call notification or even sometimes ring once. More trouble than it was worth IMO
    • - Egg and bacon
    • - Egg, sausage and bacon
    • - Egg and Spam
    • - Egg, bacon and Spam
    • - Egg, bacon, sausage and Spam
    • - Spam, bacon, sausage and Spam
    • - Spam, egg, Spam, Spam, bacon and Spam
    • - Spam, Spam, Spam, egg and Spam
    • - Spam, Spam, Spam, Spam, Spam, Spam, baked beans, Spam, Spam, Spam and Spam
    • - Lobster Thermidor aux crevettes with a Mornay sauce, garnished with truffle pâté, brandy and a fried egg on top, and Spam.
  • I haven't been getting too much spam since quite long time ago. But the one I get is very weird like the one which I received right now [pastebin.com] (Slashdot doesn't support those characters).

    I have been getting an email similar to that one about 2-5 times per week for over the last quite a few months. They are always written in a language I cannot understand (sorry about that, obsessive spammers, but I can only understand Spanish, English and bit of German) and usually include the word SPAM in the title!! I have nev
    • I've been getting a fair amount of weird spam too, in addition to the typical vi@ggraa and c1a!as spam. A lot of it is in Spanish, and from what I can it's mostly B2B type spam targetting businesses in Latin and South America selling things like bulk wine for restaurants (huh?), training for HR departments (umm..??), and consulting services for dealing with regulatory issues with selling cosmetics (uhh...what???).

      At first I thought that maybe this stuff was a mistake or my email had somehow mistakenly got

      • A lot of it is in Spanish

        Curiously, I have never got this kind of nonsensical bulk spam in Spanish despite being a Spaniard myself currently living in Spain! Other than the languages I cannot understand as what is being shown in the link above, most of the spam of this sort which I get is in English.

        blasting this stuff out to harvested email addresses

        Yes, I guess that this is the most logical explanation: blindly targeting random email addresses. But such a level of carelessness seems ridiculously inefficient for them, even by bearing in mind that spamming in this way is already too

        • I find it odd too. Note that it's almost entirely Latin/South America, though I do occasionally get something that looks like it might have to do with Spain.

          I do get a fair number of Spanish spam from spammers trying to sell me "targeted" lists of email addresses. Amusingly many of these spammers seem to party like it's 1998, with free email dropboxes to contact them (Hotmail, Yahoo, etc.) and it appears that the lists themselves would to mailed on CD or DVD should someone actually buy them. I can only a

          • not in the spam itself. Basically a spamming service

            Interesting theory. It seems to make more sense than any other version. In any case and as said, I am not too concerned about anything of this for various reasons. I don't get almost any spam and ignore/make fun of the little amount which I get. I have never spammed anyone (unless when fighting back some spammer :)) and, in fact, consider that "technique" extremely negative for any business/activity. My work has never been even slightly related to spam or any other generic, invasive, crappy, lazy, dishonest

  • The e-mail spam that evades my filters is down to one or two a week now, but I'm getting around one call a day from some Desi asswipe pretending to be an IRS agent or a Marriott employee offering me a free vacation. I'd like to know how we in the west can support India's Serious Fraud Office in hunting down and beating the crap out of them.

    -jcr

  • "including SpamIt.com, alleged to be a major hub in a Russian digital criminal organization that was responsible for an estimated fifth of the world's spam"

    It's bullshit statements like the above that only tend to discredit slashdot. The primary source of spam on the planet is all those compromised Microsoft Windows out there being co-opted into DDOD attacks and spewing email spam to the Internet.
  • At the risk of promoting a commercial item, I will nonetheless recommend the Sentry 2 device for VOIP phones. It rejects (without ringing through) ALL robocalls and calls from its own list of spammers. Your friends press 0 to go through and be whitelisted ONCE. If a telemarketer lies and presses 0 you can do what you want and then press REJECT so he's added to the blacklist. We used to get half a dozen telemarketer/robocalls per day. Now it's down to one or two lying bastards a month. Best $50 I ever

  • so tell that to the mafiAA, breinbaf and the happy-go-trolly bunch sending mass extortion mails hoping a few will pay up so their wage is paid that month ... face it, who's the only ones making money in the witchhunt ?

Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer

Working...