Distributive Spam Distraction Cloaks Serious Attacks

Do you ever wonder why some spam makes it past your spam filter and gets into your inbox? Well, there’s a reason for this. The sender basically figured out the spam filter algorithm and was able to bypass it. They may have done it by pure luck but, in most cases, they do this by informed trial and error. They tweak their emails, changing different parameters, until they succeed. But that’s not the end of the story. Even after evading the spam filter, the average user can identify a spam email in 5 seconds. With this in mind you’d have to wonder how phishing emails ever succeed. But, of course, they do.

No email service is going to release details of its spam filters because that would just be giving email marketers and hackers a manual for how to get into a target’s inbox. That said, there are a few factors that can be asserted with some certainty.

Of course, any sender that has been previously blacklisted will not make it through the filter. Spam filters also have access to a list of malicious links and, if any of those links is spotted in an email, the email is marked as spam. The filter also looks for certain words and phrases that often appear in spam emails. These include the following:

As seen on

Order status

Meet singles

Additional income

Eliminate debt

Viagra

Lose weight

Act now

Risk free

and many more.

These phrases will not be the only indication of a spam email but they will trigger an alarm and, if matched with other factors, could brand the email as spam. But, as you may have expected, there are software programs that will help you design an email that does not contain these words.

To avoid being classified as spam, a good spam marketer or hacker knows that they should use good grammar, include an unsubscribe button, and address the person by their name. And if you’re not good at writing a good spam email, don’t worry. There are plenty of services to help you bypass a spam filter. In fact, you can test the “spammyness” of your email before you even send it by going to a site like this.

So, I gave it a try. I sent an email from my Gmail spam folder that was wrongly classified as spam. In fact, the spam level was 10/10, meaning it was a good email that should avoid the spam filter. I then sent an email that was classified as spam in Yahoo. It had a score of 7.2 which was considered as “almost perfect”. You can then check on the areas that need improvement and, in effect, tweak the email until you get a better score.

The above strategies are used by email marketing services and are not illegal. However, hackers use other techniques that are guaranteed to bypass spam filters. This happens when hackers take over an email account and use it to target the victim’s contacts. In this case, the email is whitelisted and should make it through the spam filter with no trouble. It’s not that hackers can’t use marketing services to design good emails. They probably do, since many of these services offer free trials. But for guaranteed success, a valid email address that at least looks like it came from a trusted contact is always the best vector.

Recently, some forums have seen reports of people receiving an unusual avalanche of emails all from different IP addresses. Most of them get through the spam filter so the victim has to manually check and delete each of them. But how do hackers manage to have enough time to send thousands of valid emails to an address? No problem. There are people who will do it for them and they’ll do it for free.

One of these email helper businesses is Saleshandy. Let me make it clear that there is nothing illegal about this company. It is a service and the people using the service are responsible for how they use it. That said, it offers the following.

That sounds like quite a claim, so how does it work?

Basically, the marketer or hacker gives the service the email addresses it wants the email sent to. The service will walk the client through the process of composing the email and give them the option of scheduling when the emails are sent.

Then, there’s MailBait. MailBait offers to fill your inbox with emails. What? Yes, here is their homepage.

So who in their right mind would want to fill their inbox with email? Oh, wait. MailBait already anticipated this question on their FAQ page.

Okay, I get it. Maybe a small percentage of people want to test their email filters…sure. And you are encouraged to only use your own email address, not someone else’s…sure. But a few criminals or jokesters may want to overwhelm someone with forms. How many forms? Well, I tested this out by submitting a temporary email address. Notice that only 2 of the 747 packs were submitted but the address was already sent over 100 forms.

At this rate, the lucky receiver could be sent tens of thousands of emails, at the very least.

However, hackers have found a better use for this and other mass emailing services. Just as magicians use misdirection to hide what they are really doing, these hackers use mass emailing techniques to hide what they are doing. These are referred to as Distributed Spam Distraction attacks or DSDs. Keep in mind that serious attackers can purchase a DSD attack on the deep web for a reasonable price. The price for an email attack from a reputable deep web seller is about $15 for 5000 messages to $30 for 20,000 messages. Compare these prices to legitimate marketing services.

Now, imagine the scenario in which I, as a hacker, have your credentials. I may know your Amazon login or your bank login. Unfortunately, these are only good until you learn something is wrong and change your credentials. In other words, I would like to keep you from doing this so that I can continue to take your money or buy things in your name. You would probably learn of my purchases or transactions through a confirmation email. But what if you get similar confirmation emails that are nothing but spam? And imagine you have to delete each of these individually because they come from different IP addresses and cannot be blocked en masse. Wouldn’t there be a pretty good chance that you would also delete a legitimate confirmation email? Well, at least that’s what the hackers hope you will do.

To sum this all up, if you suddenly see a marked increase in spam making it into your inbox, start worrying. Sure, it could be someone playing a joke on you or getting revenge, but there’s an equal probability that your credentials have been stolen. It also doesn’t hurt to check your spam folder from time to time to see whether you are being targeted with more spam than usual. Be especially careful of confirmation emails if you have not purchased anything. In the worst case scenario, you may have to perform the dreaded task of changing your password, but this certainly beats the alternative.
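The check described above can be automated. The following is an added example, not code from the original post: it flags a sudden flood of mail from many distinct sender domains and pulls out any message inside that flood that comes from a service the user really has an account with. The message format, thresholds, domain names and keywords are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Assumptions (hypothetical values, tune per mailbox): the thresholds, the
# services the user really has accounts with, and the subject keywords.
WINDOW = timedelta(minutes=30)
MIN_MESSAGES = 30   # messages inside one window that count as a flood
MIN_DOMAINS = 20    # distinct sender domains: a DSD flood is widely sourced
ACCOUNT_DOMAINS = {"shop.example", "bank.example"}
TRANSACTION_WORDS = ("order", "payment", "password", "transfer", "shipped")

def find_flood(messages):
    """Return (start, end) of the first window that looks like a flood, else None."""
    msgs = sorted(messages, key=lambda m: m["time"])
    lo = 0
    for hi, msg in enumerate(msgs):
        while msg["time"] - msgs[lo]["time"] > WINDOW:
            lo += 1                      # slide the window's left edge forward
        window = msgs[lo:hi + 1]
        domains = {m["domain"] for m in window}
        if len(window) >= MIN_MESSAGES and len(domains) >= MIN_DOMAINS:
            # Keep watching for one more window after the trigger point.
            return msgs[lo]["time"], msg["time"] + WINDOW
    return None

def hidden_confirmations(messages, flood):
    """Messages inside the flood that come from a real account and look transactional."""
    start, end = flood
    return [m for m in messages
            if start <= m["time"] <= end
            and m["domain"] in ACCOUNT_DOMAINS
            and any(w in m["subject"].lower() for w in TRANSACTION_WORDS)]

def build_sample_inbox():
    """Constructed inbox: two ordinary mails, then 40 sign-up mails in 20 minutes."""
    t0 = datetime(2024, 1, 10, 9, 0)
    inbox = [{"time": t0, "domain": "friend.example", "subject": "Lunch?"},
             {"time": t0 + timedelta(hours=2), "domain": "shop.example", "subject": "Weekly deals"}]
    flood_start = t0 + timedelta(hours=5)
    inbox += [{"time": flood_start + timedelta(seconds=30 * i), "domain": f"list{i}.example",
               "subject": "Please confirm your subscription"} for i in range(40)]
    # The one message the flood is meant to bury.
    inbox.append({"time": flood_start + timedelta(minutes=12),
                  "domain": "shop.example", "subject": "Your order has shipped"})
    return inbox

if __name__ == "__main__":
    inbox = build_sample_inbox()
    flood = find_flood(inbox)
    for m in (hidden_confirmations(inbox, flood) if flood else []):
        print("REVIEW BEFORE DELETING:", m["time"], m["domain"], m["subject"])
```

Any message this surfaces is a reason to log in to the named service directly and check recent activity before clearing the inbox.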
