How Spammers Hook Their Victims

Written by Jeff on January 31, 2013

I recently read an interesting article about a spam email that was, for all accounts, poorly crafted according to the author. I am inclined to agree with him on the surface because when you look at this message it looks like an early attempt at mass email marketing:

Subject: Consideration

Message body:
Thank you for taking the time to contact us.

Within two weeks we should be able to provide you with a decision in regard to your question, and we want you to know that we will be giving your question our fullest consideration.

We would like to thank you again for your time and consideration and will be in touch with you as soon as we have some definitive information for you.

Also you can track your request by visiting our Tracking System Page.

Yours very truly, Venessa Robison.

Hopefully, you were able to pick up on the many mistakes made in the message, but if you missed let’s go over them:

  • The subject line is overly generic
  • There is no attempt at making this look like a personalized message
  • The formatting is horrible
  • It is written in an odd sounding tone
  • The name looks contrived

If you received this message and clicked on the link, you were routed to a “Canadian” pharmacy page where you could but just about any prescription drug you needed, or wanted, for enhancement purposes.

But it was not the lazy attempt that was so shocking to the author, what surprised him was that this technique must still be working for the amount of resources the spammer put into it. Again, I am in total agreement. If no one was buying and the spammer wasn’t making any money then we wouldn’t be seeing these email messages.

But this is where my agreement with the author ends; because I am not bewildered in the slightest bit by this.

Why This Still Works

Spam is marketing, plain and simple. Spammers use the same things that television, radio and print advertisers have been doing for years; playing on human emotions.

Just like their counterparts on Madison Avenue, the spammer needs to motivate you into taking action. In the case of this email, there are two things that you need to do. First, you need to click on the link to get to the landing page. Next, you need to buy something. (Note well – not all spammers need to get you to buy. Some are paid for simply getting you to the website or to download something.)

So in our example the spammer plays off a common emotion, curiosity. People by nature are curious if not downright nosy. This email has no personalization so it could be a response to anyone. A person receives it and things, “hmmm, I didn’t contact these people, but let’s see who did.” Once that curiosity kicks into gear the spammer has his or her victim hooked. They click the link. Now if we are honest, most people who don’t click the link avoid doing so because they spot something fishy, not because they don’t want to see what’s behind all of this.

So the victim clicks the link, step one is done. Now we turn to another emotion, inadequacy. Some of the people who clicked will immediately see this is a scam and scan their computer for viruses. Some will think, “I don’t need this crap,” and go to some other page. But some will have that little voice chime in and say, “Hey, maybe this stuff does work…” With that, the spammer makes a sale.

Spam comes in all shapes and sizes. As technological controls evolve to stop more spam at the gateway, expect to see the construction of spam emails change but one thing that will always be a constant is their attempt to tap into the emotions of their victims.

Feel free to share with the rest of our readers some examples of spam messages you have seen that use strong emotions or feelings to lure in their vicitms.

Comments

kambing February 1, 2013

yep . Fanbox will spam your inbox . ! i’ve change my email because of a lot of spam !

M. David February 2, 2013

Contrary to all marketing logic that a message must be well targeted to convert, it seems that with some type of products – i.e. drugs in this example – even an awfully untargeted message works. This is what makes the scheme going.
As for spam messages I personally get, I especially love the ones that are in a “response” to my application for a job. Since I have my own business, I haven’t applied for jobs in years, so I really laugh at these attempts to hook me. However, for many people such emails are quite realistic and probably they get hooked.

Carla Mayer February 12, 2013

You know, I wouldn’t immediately consider this as spam as I know friends who write this way. In fact, sometimes my subject is too short and generic, especially if I am tired of thinking about how the subject should be like. Perhaps what would worry me about the e-mail is the link itself. Normally, I hover my mouse over the link before I click it. Then I bring my attention to the bar below the screen, which should reflect the complete address of the URL. If it sounds suspicious, I automatically report it as spam into the system so I don’t receive it again and hopefully others won’t too.

Liam Lim February 28, 2013

If I were to read this, I would not immediately think that there’s something wrong about it. Yes, it sounded quite generic, but I also received the same thing from regular marketers, unless, of course, I would have to label them as spammers as well. As what the writer have said, it looked like an e-mail from an online marketer newbie, so it’s possible that e-mail sounding like this could be immature but not necessarily spam. There should be more distinct signs for spam.

Holly June 2, 2013

Like Liam, I wouldn’t find this email as fishy or suspicious. It’s not excellently composed, but it doesn’t sound that bad, too. Well, at least it’s not like those awful Nigerian scam messages I used to receive! I know of some people who send personal messages in this format, so it’s not unusual for me. I also know of some companies that send out emails this way, and they’re all reliable ones. This is what makes spam scary. You don’t know which ones are real and which aren’t legitimate, no matter how knowledgeable you are about malware, phishers and scammers!

  • (required)
  • (required)