KDaddy’s General Observations: Email Spammers

I gotta hand it to email spammers: They’re becoming quite clever in their attempts to get you to click on whatever links they’ve put in their email and because they know that some people will be… curious enough to take their bullshit for a real thing and click the link..

And wind up regretting that they did. One of the reasons why I use Outlook as my email client is that I can see the address of the person sending me mail and I know how to access the header information that’ll tell me where the message really came from… but that’s what I used to do for a living.

Then add in the fact that I know who should be sending me emails and especially when I have multiple accounts, like how I get emails from “Facebook” telling me some shit about my account… but where I got the email? I don’t have a Facebook account attached to that email address.

Getting my junk mail folder overloaded with spam is now one of those things to be expected and, admittedly, a lot of it is hilariously funny and rather inventive, like the one that T-Mobile allegedly sent me about winning a brand-new iPhone 13… when I already have one. Or the ones I get saying that my package can’t be delivered so click this link to get my package… when I know good and damned well that I haven’t ordered anything and the message is sent to an email address I don’t use for ordering things online.

They’ve gotten so clever that some of their bullshit arrives and uses banners like Amazon or some other known entity and, um, why would I be getting an email from Verizon telling me that they’re going to shut down my account… when I don’t have an account with them? Or the ones I’ve been getting lately that appear to be from Microsoft and informing me that someone’s been trying to access my account and I should click here to check things out… but the URL for the link doesn’t have shit to do with Microsoft and, well, it’s not the spammers fault that they don’t know that I know and even when they try to hide the link, I can just hover over it and Outlook will show me the URL.

I think they’re a bunch of idiots but, again, a lot of people will panic if they think the email is legit and one of the more hilarious ones was the one I got from the IRS telling me about a tax bill to be paid… when I don’t pay taxes anymore and I know that the IRS would never send an email in the first place. Now, sometimes, this crap gets past the Microsoft Exchange servers but that’s also why Outlook has the feature of being able to mark something as spam – and it creates a blacklist that if it sees it again, it’ll automatically go to my junk mail folder or, as added anti-spam protection, if it’s not on the whitelist – those emails it thinks is spam but I know it isn’t – then right to the junk mail folder it goes.

It’s not infallible; I often have legit emails wind up in the junk folder and, honestly, it’s something I’m not used to… but that’s because I spent a whole career being on the other side of an Exchange server and, yeah, I know how it works and that enterprise level and combination of Exchange and Outlook does behave differently and dependent upon what anti-spam software the servers have installed and running; it would drive me nuts getting trouble tickets from users complaining about their legit emails going to spam and them not understanding that it’s really not possible to totally and completely eliminate this… unless they’d like for me to remove their account.

One of the things I love about Outlook is that it’ll convert any URLs in an email it sees as spam to text, which effectively deactivates the URL and keeps any hidden code from running by itself. I use Malwarebytes as well; it’s proven to be very effective in keeping our computers free of the shit that can cause major problems for us and our machines… and I have to admit that Windows Defender has gotten somewhat better and it plays nice with other anti-virus/anti-spam/anti-malware software on the market.

The spammers don’t know that I know stuff like this… and I’m not of a mind to tell them. I will tell y’all to really pay attention to the emails you get and especially those you’re not expecting to get; if you haven’t ordered anything online but get an email from “FedEx” saying that you need to click this link to get your package, just send it to your junk mail folder. I will tell you that if you don’t have software on your computer or phone that’ll keep spam and other bad shit away from you, get some and, yeah, I have Malwarebytes on my phone, too, and, eh, I wouldn’t trust free versions of such software because they may not provide all the protection that’s possible.

The biggest and most important advice I can give about this is… be smarter than the spammers. I know too many people who wind up getting jacked up or their device does because they’ll see what looks like a legit email, wonder “what the fuck is this” and not only open it but click the link and, again, wish that they hadn’t. Spammers prey upon the fact that most people don’t really pay that much attention to their emails or, if they do, not all email clients allow you to see the other information that would tell you that this is spam, oh, like, I’m pretty sure that Amazon doesn’t use Gmail to communicate with customers.

I’m still laughing about the one I supposedly got from T-Mobile about being selected to receive… the same iPhone I already have and, well, you’d think that since I do have T-Mobile as my carrier, they also know what phone I have… so why are they selecting me to get a phone and free at that? The obvious answer is… they aren’t but this clever spammer is hoping that I believe them. My lady showed me something about a person who got scammed for over $1,500 for a Verizon bill… that they didn’t really have. Whoever put this info out there included a pic of the email this person got and, yep, it has the Verizon banner on it.

What the person who got scammed should have done was to ask themself why Verizon was sending them a bill like this… and if they had Verizon (and I’m assuming that they did), they should have called them and asked what the fuck was this email about but, apparently, that’s not what they did… and now they’re out of $1,500. Did the spammer know that this person had Verizon? Probably not… but that’s why they call it phishing because they can reasonably assume that they can send this shit to enough email addresses and someone is going to fall for it because they do have Verizon… and not likely to think that, um, there’s no reason for their bill to be that high.

This wouldn’t be that big of a problem if companies who legitimately have our email information did a better job of preventing data breaches and they were to stop the practice of selling email lists in the first place. Yeah, I get that while the address is ours, when it’s in their systems, it’s their data and they can do whatever the fuck they want to with it and if your email wind up on the dark web because they sold it to someone, well, that’s not their problem…

But it could wind up being yours and it’s a business practice that needs to be outlawed and more so if companies are really serious about protecting our online privacy. They get away with it because they hide it in their conditions, which is couched in so much legalese that almost no one ever really reads it; they just click “Accept” and go on from there and without realizing that them telling you how they’re going to use your data could also include them selling it to make some extra money.

If it looks to be too good to be true – and you’re not expecting such an email – it’s probably spam and, well, don’t read it or click on it – just do whatever your email client can do about sending it to junk and, hopefully, you won’t see it again… but you might because one of the holes in this whole thing is the inability to validate email addressed and/or the domain name being used; as long as an email address has something before the ampersand (@) and it’s something with a period and a followed legitimate domain identifier like .com, .net, etc., the SMTP/IMAP mail servers will allow it through unless the literal address has been flagged as being spam on that end of the email process.

And spammers learned a long time ago how to fool an SMTP server because as long as the format of the address is correct – “something@something.com” – it’ll be delivered to you even if it’s spam and now it’s up to you to put it in its proper place: Your junk mail folder and, oh, yeah, don’t forget to empty it and, preferably, once you’re finished reading your legit emails and just get in the habit of doing it.

You just have to be smarter than the spammers and, again, use the software and apps that are available to help keep the spam away from your inbox unless you’re like me and you get a kick out of how stupid spammers really are…