The 'Common First Name' Ploy
In my
previous article I talked about a company which sent me the following spam yesterday:
[spammername] LASER AND COPIER SUPPLIES
TAKE ADVANTAGE OF THE SAVINGS WHILE THEY LAST!!!
WE ARE REDUCING OUR INVENTORY FOR THE FALL OF 2002 ON OUR LASER PRINTER AND COPIER SUPPLIES
Since it was long after Fall, 2002 when I received this, I decided they must have accidentally resent last fall's spam without updating the content. Hard to believe someone would be so stupid, but I figured..."Hey, they're spammers! We already
know they're stupid!" So I went searching for spam received from them last fall. Here's what I found:
[spammername] LASER AND COPIER SUPPLIES
TAKE ADVANTAGE OF THE SAVINGS WHILE THEY LAST!!!
WE ARE REDUCING OUR INVENTORY FOR THE FALL OF 2002 ON OUR LASER PRINTER AND COPIER SUPPLIES
That's right. Exactly the same message! But that's not what I wanted to talk about. I want to talk about the
subject line of the message:
Jim- The toner cartridge prices you were looking for.
Oh, look! It's a
personal message! It has my name in it!
...wait a minute...my name isn't Jim! And I'm pretty sure it's not a typo, because
Jim and
Doug are not really all that close. You'd have to be
really stupid to misspell 'Doug', and come up with 'Jim'.
So what's going on here?
Simple. These guys are playing the odds. They realize that, by pulling an email address off a website, they are
not going to get someone in purchasing. They may get a tech support person, or a sales person, or even a CEO.
BUT...they figure that if my company is
big enough, there's bound to be someone in purchasing whose name is Jim.
So what happens? The person who receives the email thinks, "Hmmm! This must have been intended for Jim Wilkinson, since he's the one who buys office supplies. I'll just forward it to him."
And
now, when Jim receives the email, it's not just an email from someone he doesn't know; it's an email that has been forwarded to him
from within the company, which gives it a little more credibility. Especially if it's forwarded from higher up the chain of command. Jim will think, "Oooh! The boss wants me to check these guys out!"
Especially since the subject line now reads:
FW: Jim- The toner cartridge prices you were looking for.
If Jim's not paying attention, he'll think the
boss is the one who typed that subject line.
The bright side of this is, most of us aren't as stupid as the scammers who try this. They think it'll work, because they think, "I'm dumb enough to fall for a trick like this, so everyone else must be, too!" What they don't realize is, they are the bottom-feeders in the shallow end of the gene pool, and most of us aren't as dumb as they are.
A Helpful HintI think this is self explanatory. If you receive an email with someone else's name in the subject line or salutation,
assume that it's a scam. Don't waste your time trying to
guess who it was intended for. Just delete it.