[extropy-chat] codes in scam letters

Harvey Newstrom mail at harveynewstrom.com
Sun Sep 25 20:29:38 UTC 2005


On Sep 25, 2005, at 12:48 PM, spike wrote:

> After all this time, I am *still* getting scam letters,
> the ones that go something like: Greetings sir or madam,
> I have heard from numerous sources that you are an honest
> man or woman, so please give me your bank account number
> and name, that I may give you 38 billion dollars stolen
> from nygerian communist insurgents, etc.
>
> (I actually got one that misspelled the country it was
> from.  {8^D  )

The spelling is intentional.  Spam blockers recognize this particular 
series of scams and block it by name.  Therefore they have to misspell 
the name to get it through.

> Of course, no one old enough to actually have a bank
> account is falling for those gags anymore, but it
> occurred to me that they would be the perfect vehicle
> for broadcasting coded messages to sleeper cells or other
> criminal gangs.  No one actually reads very far past
> any email that starts with the word "greetings" so
> this might be just the thing.  They could even hide
> a message in misspelled words, so that a copy-
> paste into microsloth word would underline in red
> squigglies the actual message.

Too obvious.  Real codes and encryption can be done so that you don't 
need misspelled words or obvious text tampering to be visible.

> Harvey and other security wonks, has this been done?

Yes.  This idea is very old.  Search the archives of this list for 
"steganography" (hiding messages in images) to find previous 
discussions.

--
Harvey Newstrom <HarveyNewstrom.com>
CISSP CISA CISM CIFI NSA-IAM GSEC ISSAP ISSMP ISSPCS IBMCP




More information about the extropy-chat mailing list