
HOW TO: Use Facebook for intelligence work, Part 1

This how-to describes in detail how to collect live, real email addresses from live, real people around the world. Most importantly, it will show you how you can collect 10 000 e-mails in less than 5 minutes' work!

In addition, this How-to will help you collect additional information about your target, such as photo, full name, list of friends, and potentially also mail address, phone numbers and a list of their favourite books.

So let’s get on with it!

 

1. Set up an email box on Yahoo, Google or similar tool

This is easy. Just pop on over to Yahoo Mail, Google Mail, or any other free web-based e-mail service out there. I know you are able to set up the account without my help.

Get back here and move to step two when you are done!

Set the e-mail to automatically forward all e-mails to a different account, preferably on a system you can control – either directly, or by POP/IMAP. You want to do this to save you some work later on!

You do not want to use your own name, though, but you knew that, right?

 

2. Get a Facebook (or pick any other social networking site) account

Just register with a plausible name (Jim Johnson, Donna James or similar). This is free, and typically available to anyone, and this is where you will meet your victims. Consider using the same name as in step one, this adds to credibility.

TIP: You may consider using a western name, preferably a woman's name, as it sounds less daunting and more secure.

Now, it is out of the scope of this How-to to discuss how to set up your account. So, I just skip on to the next part, and you do too as soon as your Facebook account is up and running!

 

3. Set up a group on Facebook

And yes, you guessed it: how to set up the group is out of the scope of this How-to. But believe you me, it is plenty easy!!

Give it a winning title - Free gift! Or: Free trip to Dubai!

Why do you need it? This is where you will plant your seeds of seduction – where you will promote your give-away, and where your victims will understand why it is so important to give you their e-mail address for free – no strings attached!

So, now you got a group on Facebook. Time to use it!

 

4. Add a prize!

When you want something, you should always offer something. The bigger, and more realistic, the prize, the better it is! Here is one example:

Image: The teaser!

Yes, I noted more realistic above, I know… But – the purpose is to offer something that is realistic to your victims – and they are not as smart as you are, obviously. Thus, this one counts as realistic.

And, unless you really want to do so, there is no need to actually give away the prize. I would strongly suggest you do NOT give it away, and use it yourself instead. Or spend your cash on something else. Your victims will never know they did not win.

Period.

 

5. Ask for something simple/cheap compared to the prize

By asking for something that is perceived as not dangerous to give you – like an e-mail address – you are more likely to succeed. But we do know that most anyone will be happy to share their favourite password if you give them a chocolate, so do as you like. On the other hand, when you get the e-mail, you have plenty of opportunity to ask for more later on too.

 

So go ahead and ask for it! Make sure you add your collecting e-mail box where they can send their request for the prize, giving away their name and e-mail. Put it out there – like this:

And voila – now you got a large amount of e-mail addresses available. Addresses you can use to send nice offers of pills, travels and other stuff your customers pay you to offer to your list!

 

6. Collect and use

Now that you have a large amount of e-mails on your account, it is time to download them and put them to work. By installing any kind of e-mail harvesting tool on your e-mail client (many available, find your favourite), you are now able to take the e-mail addresses and their corresponding names from your in-box, and into a database tool.

And as e-mails keep coming in, your database grows. High quality e-mails with real people on the other side. A great value to spammers.

So start selling it to the highest bidder!

And if someone complains about getting spam? Well, that is not what you are doing, of course. You only provide your customers with fresh e-mail addresses with real people on the receiving side!

The emails are collected, and you may now use them to send out outrageous offers of pills, lottery winners and other nice-to-have stuff. But, why stop there?

Get back tomorrow to read about how to build a complete profile of your targets! That part is a Bonus – where I tell you how to collect more than only the e-mail and name of your victims – where I tell you how you can build a full profile of your victim!

Crossbranding now includes spam

In Norway, where I am currently located, advertising for gaming is illegal. The same goes for alcohol, tobacco and many other things. 

Still, there are a couple of Norwegian TV-channels that flood their poor viewers with gaming adverts - because the company is located in London, and not within the Norwegian jurisdiction. And over the past 3-4 months, the ads for gaming on these channels have increased dramatically.

What I have noticed in the same period is a dramatic increase in spam emails promoting craps, poker and a large amount of related ads. This led me to ask one of my security buddies in the US if the same is going on in the US. He said that no, no such trend was evident over there.

This has led me to consider that spammers are no longer only using geographic data to tune their spam, but also offer to target particular areas and times when their clients are buying ads in other media too - thus strengthening the message to the customer.

This cross-branding, or cross marketing, is nothing new in RL - you see it in TV, papers and magazines around the year. What I find interesting is that now you can cross-brand yourself in magazines, TV, Radio AND by using spam - at the same time. 

My blog is not your PR-channel, duh!

A week or so ago, I was contacted by email by someone working at a company that had developed a game. The game was used as part of the promotion of a security event. They wanted me to put a link from my blog to the game in order to promote the event.

The request was polite, and I decided to take a look. I did try the game, but saw no immediate connection to my blog, and decided against promoting it. And I had the courtesy to inform the someone (above).

I promptly got an answer, with some explanations; and quite a few ways I could implement the game anyway. Now, I am a professional sales guy myself, so I do appreciate a certain level of persistence. And being in the polite mood, I told the someone I would spend a few days to reconsider, and that I just might change my initial point of view.

And I did reconsider.

I thought that ok, I could make a quick post on the game, even sharing with you all how I did not have the patience (or skills???) to complete the game myself.

Unfortunately for you and the game developer, this individual (Jenny is her name), did not have the patience to wait. Or perhaps she thought I would not reconsider.

I do not know, nor do I care.

So what did she do to piss me off like this? Instead of waiting, and accepting my supreme control of my blog, she decided to post a link in a comment. To me, that is SPAM!

And her actions piss me off enough to do the following:

1. remove the comment/spam - done!

2. send an email to her explaining the fault - done!

3. write and post this post - done!

Yes, I admit, I most likely overreacted. Yes, it did help. I might have achieved the same calmness by walking around the block a couple of times, but then you would never know, would you?

And yes, I do have a very narrow definition of spam - unsolicited mail/comments. And I am the supreme decision maker when it comes to what I find unsolicited.

So you are selling something, and want me to cover it? Leave it to me to decide whether or not it will show up on my blog, duh!

 

Botnet is big business

Dark Reading has a good writeup on BotNets today - very descriptive, and written without all the technical blah-blah. If you ever wanted to understand the hows and the whys of BotNets, this is a very good place to start!

Don't buy from spam, begs the security mentor

The Security Mentor begs people to stop buying from spam. And of course, I agree with the Security Mentor! Stop buying from spam! Do you hear me? Just stop!

Except - those who need to hear our call are not likely to read our blogs. And if they do - well, it is either by accident, or by interest. If the latter, well, then I am willing to bet a beer that they do not buy from spam. 

The rest of the people out there - and they are many! - will continue to receive and buy from spam. 

Why? They lack the necessary knowledge to recognize the spam in the first place. (And those who may recognize the spam and still buy from it are probably too embarrassed to buy Vi*gra over the counter anyway, and take the risk of buying from spam.)

Both groups need education. But they need it where they can read it, perceive it and act on it. And that is not in my blog, nor in the blog of the Security Mentor. We need to move the information to channels that these groups do read - newspapers, magazines, perhaps even the telly. Put the message into their marketing mix.

And the message must be adapted to their level of education (not school - but understanding of the technology). My mother is not able to tell a legitimate e-mail from a spam. So telling her not to buy from spam does no good. I have to teach her how to spot a spam, and how to act on it.

Of course technology can help in this work - but as we (the pros) know just too well - the technology is not good enough to evade all spam. 

And even though my mother loves me, she is not one of the readers of my blog. Thus, telling her not to buy from spam here is just a waste of time and effort.  

What the mentor and I can do is to move the message from our blogs, and bring it out to the community. We may write up articles to distribute to local media, we can talk to journalists, and we can develop training sessions. 

But most importantly, I think we need to realize that the group who needs the message is a very different group than our regular readers. Perhaps if we put our effort together, we could come up with a short, 5-step guide on how to avoid the spam-trap?

Comment spamming

I am not alone - now Rob Newby gets hammered down with comment spam too. 

Akismet blog antispam stats

A while back, I needed an antispam tool for my blog comments. I decided to go with Akismet.

A few months down the line, my antispam solution has caught over 2 500 spams. 2 500 spam comments on my blog alone. I think that is a vast number - and I can only imagine what more popular blogs must handle.

According to Akismet, their service has caught more than 3 billion (as in 3,043,731,975) spam messages since they started. Their complete stats are available.

Thanks to Akismet, I am able to concentrate on doing the writing, and leaving the comments almost to itself. (So far, I have decided to approve all comments - I am now testing full automatic. You will soon discover if it works or not!)

Bad branding

Imagine you are a well-known, global brand. Your brand includes several high value products with brands that are recognized by anyone.

Would you protect your brands? Like trademarking them? Patenting the technology? Building public awareness? Promote and market them?

Sure you would.

What if someone then contacts you and tells you that your computers are spewing out spam, covering your own products, your competitors' products, as well as any other kind of products we all receive in our inboxes?

What would you do now?

I bet you would not dig your big, fat head into the sandbox and pretend that the spamming is not happening. I am sure you would instantly recognize the problem, and start investigating, and then clean out your closet. 

There is no way you would do as Pfizer does.

You see, many of the Viagra, Cialis and penis enlargement pill spams you get in your mailbox originate from within the Pfizer network, and Pfizer does nothing about it.

Pfizer, it is time to realize you need to clean out your closet. If you are not sure how to do it yourself, I know of many who would love to offer a helping hand!

Akismet spam counter

Roer.Com Information Security is proudly protected by Akismet, 3704 spam caught since May 29, 2007.


The blogger is Kai Roer. He has dealt with communication and the Internet since 1994. Taking part in projects all over Europe, Mr. Roer is a renowned resource on information security, communication and security in general. As a management consultant, author and speaker, Mr. Roer has helped many a client.
