OT Scam email detail (new to me)

<XnsAF25A0A152891whhvans@88.198.57.247>

https://www.novabbs.com/aus+uk/article-flat.php?id=71645&group=uk.d-i-y#71645
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: off...@REMOVETHISwhhvs.co.uk (HVS)
Newsgroups: uk.d-i-y
Subject: OT Scam email detail (new to me)
Date: Mon, 03 Oct 2022 15:47:26 +0100
Organization: I'd rather have more
Lines: 22
Message-ID: <XnsAF25A0A152891whhvans@88.198.57.247>
Injection-Info: reader01.eternal-september.org; posting-host="18d9d55f309e3d90899d8b73392e970c";
logging-data="2372802"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/kS/pcrAfKycFyS2nF4/iz"
User-Agent: Xnews/5.04.25
Cancel-Lock: sha1:F4bkx9HVNv86amo81f0d6DTw+D4=
 by: HVS - Mon, 3 Oct 2022 14:47 UTC

I like to think I'm familiar with most of the tricks of scam emails,
but noticed something new (to me, anyway).

In the last couple of days I've had some "you're on a list of three
winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
All the usual flags are there -- not-bad-but-clearly-non-native
English, addressed to the name in the email address ("Dear office"),
with a button to click to "confirm your details".

The interesting thing is that the hyperlink (masked by using "bit.ly")
isn't limited to the button: the whole of the email appears to be
live, including blank areas and the grey background to either side of
the text. So clicking anywhere at all on the email (which could easily
be done accidently) would presumably send you to the dodgy website.

This may be everywhere, but I've not noticed that before. It's quite
clever, ekchelly, so that they're not relying solely on suckers who
actively click on links.

--
Cheers, Harvey

Re: OT Scam email detail (new to me)

<jq10bpFlmmqU1@mid.individual.net>

https://www.novabbs.com/aus+uk/article-flat.php?id=71690&group=uk.d-i-y#71690
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: timstrea...@greenbee.net (Tim Streater)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: 3 Oct 2022 20:52:09 GMT
Lines: 29
Message-ID: <jq10bpFlmmqU1@mid.individual.net>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net otviGuNSIvcqUFH4lmRiQgEgT2MDPQOfjM2e5i7uFqG4ZInFfu
Cancel-Lock: sha1:0vC+eDNbE//sa5ReqeyBbTp6UYs=
X-No-Archive: Yes
User-Agent: Usenapp for MacOS
X-Usenapp: v1.23/l - Full License
 by: Tim Streater - Mon, 3 Oct 2022 20:52 UTC

On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:

> I like to think I'm familiar with most of the tricks of scam emails,
> but noticed something new (to me, anyway).
>
> In the last couple of days I've had some "you're on a list of three
> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
> All the usual flags are there -- not-bad-but-clearly-non-native
> English, addressed to the name in the email address ("Dear office"),
> with a button to click to "confirm your details".
>
> The interesting thing is that the hyperlink (masked by using "bit.ly")
> isn't limited to the button: the whole of the email appears to be
> live, including blank areas and the grey background to either side of
> the text. So clicking anywhere at all on the email (which could easily
> be done accidently) would presumably send you to the dodgy website.
>
> This may be everywhere, but I've not noticed that before. It's quite
> clever, ekchelly, so that they're not relying solely on suckers who
> actively click on links.

Often the whole of the email body just consists of an image with a link behind
it. They do that to make it more dangerous to click as you observed, but also
to reduce the amount of real text there, thus trying to fool spam filters that
analyse the text.

--
"I love the way that Microsoft follows standards. In much the same manner as fish follow migrating caribou."
- Paul Tomblin, ASR

Re: OT Scam email detail (new to me)

<qc0s0j-su9d.ln1@esprimo.zbmc.eu>

https://www.novabbs.com/aus+uk/article-flat.php?id=71691&group=uk.d-i-y#71691
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!lilly.ping.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Mon, 3 Oct 2022 22:22:02 +0100
Lines: 33
Message-ID: <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
References: <XnsAF25A0A152891whhvans@88.198.57.247> <jq10bpFlmmqU1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net bSJpDfQ75OJmcvNVnfa7uwB4GJ9SqHJfs2hMKykB22wPiOje0=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:M6vQzudmHkRsmmAdHdWxc79GSf0=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-48-generic (x86_64))
 by: Chris Green - Mon, 3 Oct 2022 21:22 UTC

Tim Streater <timstreater@greenbee.net> wrote:
> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>
> > I like to think I'm familiar with most of the tricks of scam emails,
> > but noticed something new (to me, anyway).
> >
> > In the last couple of days I've had some "you're on a list of three
> > winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
> > All the usual flags are there -- not-bad-but-clearly-non-native
> > English, addressed to the name in the email address ("Dear office"),
> > with a button to click to "confirm your details".
> >
> > The interesting thing is that the hyperlink (masked by using "bit.ly")
> > isn't limited to the button: the whole of the email appears to be
> > live, including blank areas and the grey background to either side of
> > the text. So clicking anywhere at all on the email (which could easily
> > be done accidently) would presumably send you to the dodgy website.
> >
> > This may be everywhere, but I've not noticed that before. It's quite
> > clever, ekchelly, so that they're not relying solely on suckers who
> > actively click on links.
>
> Often the whole of the email body just consists of an image with a link behind
> it. They do that to make it more dangerous to click as you observed, but also
> to reduce the amount of real text there, thus trying to fool spam filters that
> analyse the text.
>
Yet another good reason for using a command line/text mode E-Mail
program. :-)

--
Chris Green

Re: OT Scam email detail (new to me)

<thfklf$2ap8a$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=71692&group=uk.d-i-y#71692
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: bil...@anon.com (billy bookcase)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Mon, 3 Oct 2022 22:36:48 +0100
Organization: A noiseless patient Spider
Lines: 40
Message-ID: <thfklf$2ap8a$1@dont-email.me>
References: <XnsAF25A0A152891whhvans@88.198.57.247> <jq10bpFlmmqU1@mid.individual.net>
Injection-Date: Mon, 3 Oct 2022 21:36:47 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="5350481fd3bb3e0524f249101a6b2e20";
logging-data="2450698"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+6Hn15hsD+Mn/89G7HNLf/uq/Z5FRUAUk="
Cancel-Lock: sha1:/J1NTYxrzJ/txiPXazjkuo1LThw=
X-RFC2646: Format=Flowed; Response
X-Newsreader: Microsoft Outlook Express 6.00.2900.5931
X-MSMail-Priority: Normal
X-Priority: 3
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
 by: billy bookcase - Mon, 3 Oct 2022 21:36 UTC

"Tim Streater" <timstreater@greenbee.net> wrote in message
news:jq10bpFlmmqU1@mid.individual.net...
> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>
>> I like to think I'm familiar with most of the tricks of scam emails,
>> but noticed something new (to me, anyway).
>>
>> In the last couple of days I've had some "you're on a list of three
>> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>> All the usual flags are there -- not-bad-but-clearly-non-native
>> English, addressed to the name in the email address ("Dear office"),
>> with a button to click to "confirm your details".
>>
>> The interesting thing is that the hyperlink (masked by using "bit.ly")
>> isn't limited to the button: the whole of the email appears to be
>> live, including blank areas and the grey background to either side of
>> the text. So clicking anywhere at all on the email (which could easily
>> be done accidently) would presumably send you to the dodgy website.
>>
>> This may be everywhere, but I've not noticed that before. It's quite
>> clever, ekchelly, so that they're not relying solely on suckers who
>> actively click on links.
>
> Often the whole of the email body just consists of an image with a link behind
> it. They do that to make it more dangerous to click as you observed,

Scary

> but also
> to reduce the amount of real text there, thus trying to fool spam filters that
> analyse the text.

Would a spam filter recognise *any* text displayed in the form of an image ?

bb

Re: OT Scam email detail (new to me)

<jq1555Fmd8qU1@mid.individual.net>

https://www.novabbs.com/aus+uk/article-flat.php?id=71698&group=uk.d-i-y#71698
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: timstrea...@greenbee.net (Tim Streater)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: 3 Oct 2022 22:13:57 GMT
Lines: 43
Message-ID: <jq1555Fmd8qU1@mid.individual.net>
References: <XnsAF25A0A152891whhvans@88.198.57.247> <jq10bpFlmmqU1@mid.individual.net> <thfklf$2ap8a$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net EYGolKUyqOtP4HbgM1gB9wCn+v2aijjB5pyEUf2WAPemx8o2tr
Cancel-Lock: sha1:Qv40BeA5uhIFzfy1cixywMlbudc=
X-No-Archive: Yes
User-Agent: Usenapp for MacOS
X-Usenapp: v1.23/l - Full License
 by: Tim Streater - Mon, 3 Oct 2022 22:13 UTC

On 03 Oct 2022 at 22:36:48 BST, "billy bookcase" <billy@anon.com> wrote:

>
> "Tim Streater" <timstreater@greenbee.net> wrote in message
> news:jq10bpFlmmqU1@mid.individual.net...
>> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>>
>>> I like to think I'm familiar with most of the tricks of scam emails,
>>> but noticed something new (to me, anyway).
>>>
>>> In the last couple of days I've had some "you're on a list of three
>>> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>>> All the usual flags are there -- not-bad-but-clearly-non-native
>>> English, addressed to the name in the email address ("Dear office"),
>>> with a button to click to "confirm your details".
>>>
>>> The interesting thing is that the hyperlink (masked by using "bit.ly")
>>> isn't limited to the button: the whole of the email appears to be
>>> live, including blank areas and the grey background to either side of
>>> the text. So clicking anywhere at all on the email (which could easily
>>> be done accidently) would presumably send you to the dodgy website.
>>>
>>> This may be everywhere, but I've not noticed that before. It's quite
>>> clever, ekchelly, so that they're not relying solely on suckers who
>>> actively click on links.
>>
>> Often the whole of the email body just consists of an image with a link behind
>> it. They do that to make it more dangerous to click as you observed,
>
> Scary
>
>> but also
>> to reduce the amount of real text there, thus trying to fool spam filters that
>> analyse the text.
>
> Would a spam filter recognise *any* text displayed in the form of an image ?

No, but there's the subject line as well. My spam filter includes that with
body text, if any. And one can do a certain amount with ordinary filters, too.

--
"I am enclosing two tickets to the first night of my new play; bring a friend.... if you have one." - GB Shaw to Churchill. "Cannot possibly attend first night, will attend second... if there is one." - Winston Churchill, in response.

Re: OT Scam email detail (new to me)

<op.1thiiw1jffmuo7@pvr2.lan>

https://www.novabbs.com/aus+uk/article-flat.php?id=71699&group=uk.d-i-y#71699
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: zall...@gmail.com (zall)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 04 Oct 2022 09:38:46 +1100
Lines: 54
Message-ID: <op.1thiiw1jffmuo7@pvr2.lan>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<jq10bpFlmmqU1@mid.individual.net> <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: Quoted-Printable
X-Trace: individual.net U+qk6saeaTWZOtHFWB4qPgcB8nHMrSi3oRqaaLdJkyir3388I=
Cancel-Lock: sha1:wL0rRkQvZKKLYcd7jop72oCOJ/o=
User-Agent: Opera Mail/1.0 (Win32)
 by: zall - Mon, 3 Oct 2022 22:38 UTC

On Tue, 04 Oct 2022 08:22:02 +1100, Chris Green <cl@isbd.net> wrote:

> Tim Streater <timstreater@greenbee.net> wrote:
>> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>>
>> > I like to think I'm familiar with most of the tricks of scam emails,
>> > but noticed something new (to me, anyway).
>> >
>> > In the last couple of days I've had some "you're on a list of three
>> > winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>> > All the usual flags are there -- not-bad-but-clearly-non-native
>> > English, addressed to the name in the email address ("Dear office"),
>> > with a button to click to "confirm your details".
>> >
>> > The interesting thing is that the hyperlink (masked by using "bit.ly")
>> > isn't limited to the button: the whole of the email appears to be
>> > live, including blank areas and the grey background to either side of
>> > the text. So clicking anywhere at all on the email (which could easily
>> > be done accidently) would presumably send you to the dodgy website.
>> >
>> > This may be everywhere, but I've not noticed that before. It's quite
>> > clever, ekchelly, so that they're not relying solely on suckers who
>> > actively click on links.
>>
>> Often the whole of the email body just consists of an image with a link behind
>> it. They do that to make it more dangerous to click as you observed, but also
>> to reduce the amount of real text there, thus trying to fool spam filters that
>> analyse the text.
>>
> Yet another good reason for using a command line/text mode E-Mail
> program. :-)

Makes more sense to use one with a decent UI which asks
you to confirm that you want to follow an embedded link.

Re: OT Scam email detail (new to me)

<thfs62$2b75j$6@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=71702&group=uk.d-i-y#71702
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ste...@walker-family.me.uk (SteveW)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 00:45:06 +0100
Organization: A noiseless patient Spider
Lines: 31
Message-ID: <thfs62$2b75j$6@dont-email.me>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<jq10bpFlmmqU1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 3 Oct 2022 23:45:06 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="d45fc8a1571870b0d3d4051435ed7cf0";
logging-data="2464947"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18uA7ZSdLU10q4OsU7/mc3u2b4ws9ZvdT4="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.3.0
Cancel-Lock: sha1:IcMZ5nWM49tB2RdUZ9u2FUFD4d4=
In-Reply-To: <jq10bpFlmmqU1@mid.individual.net>
 by: SteveW - Mon, 3 Oct 2022 23:45 UTC

On 03/10/2022 21:52, Tim Streater wrote:
> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>
>> I like to think I'm familiar with most of the tricks of scam emails,
>> but noticed something new (to me, anyway).
>>
>> In the last couple of days I've had some "you're on a list of three
>> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>> All the usual flags are there -- not-bad-but-clearly-non-native
>> English, addressed to the name in the email address ("Dear office"),
>> with a button to click to "confirm your details".
>>
>> The interesting thing is that the hyperlink (masked by using "bit.ly")
>> isn't limited to the button: the whole of the email appears to be
>> live, including blank areas and the grey background to either side of
>> the text. So clicking anywhere at all on the email (which could easily
>> be done accidently) would presumably send you to the dodgy website.
>>
>> This may be everywhere, but I've not noticed that before. It's quite
>> clever, ekchelly, so that they're not relying solely on suckers who
>> actively click on links.
>
> Often the whole of the email body just consists of an image with a link behind
> it. They do that to make it more dangerous to click as you observed, but also
> to reduce the amount of real text there, thus trying to fool spam filters that
> analyse the text.

But anyone sensible has their email reader set to not display images or
remote content by default.

Re: OT Scam email detail (new to me)

<thfs86$2b75j$7@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=71703&group=uk.d-i-y#71703
Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ste...@walker-family.me.uk (SteveW)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 00:46:14 +0100
Organization: A noiseless patient Spider
Lines: 36
Message-ID: <thfs86$2b75j$7@dont-email.me>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<jq10bpFlmmqU1@mid.individual.net> <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 3 Oct 2022 23:46:14 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="d45fc8a1571870b0d3d4051435ed7cf0";
logging-data="2464947"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18qZEs4jmpE5L7/8arRKCx1w6oi/vIv6os="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.3.0
Cancel-Lock: sha1:YqGwdg/bYvyUiTFR2Wya4zEfBVw=
In-Reply-To: <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
 by: SteveW - Mon, 3 Oct 2022 23:46 UTC

On 03/10/2022 22:22, Chris Green wrote:
> Tim Streater <timstreater@greenbee.net> wrote:
>> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>>
>>> I like to think I'm familiar with most of the tricks of scam emails,
>>> but noticed something new (to me, anyway).
>>>
>>> In the last couple of days I've had some "you're on a list of three
>>> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>>> All the usual flags are there -- not-bad-but-clearly-non-native
>>> English, addressed to the name in the email address ("Dear office"),
>>> with a button to click to "confirm your details".
>>>
>>> The interesting thing is that the hyperlink (masked by using "bit.ly")
>>> isn't limited to the button: the whole of the email appears to be
>>> live, including blank areas and the grey background to either side of
>>> the text. So clicking anywhere at all on the email (which could easily
>>> be done accidently) would presumably send you to the dodgy website.
>>>
>>> This may be everywhere, but I've not noticed that before. It's quite
>>> clever, ekchelly, so that they're not relying solely on suckers who
>>> actively click on links.
>>
>> Often the whole of the email body just consists of an image with a link behind
>> it. They do that to make it more dangerous to click as you observed, but also
>> to reduce the amount of real text there, thus trying to fool spam filters that
>> analyse the text.
>>
> Yet another good reason for using a command line/text mode E-Mail
> program. :-)

No need. Any decent email reader will have options (usually set by
default) to not display images or remote content, unless the user
specifically opts to do so.

Re: OT Scam email detail (new to me)

<thgp3r$2idjj$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=71710&group=uk.d-i-y#71710
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: brian1g...@gmail.com (Brian Gaff)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 08:58:50 +0100
Organization: Grumpy top poster
Lines: 40
Message-ID: <thgp3r$2idjj$1@dont-email.me>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
Reply-To: "Brian Gaff" <brian1gaff@gmail.com>
Injection-Date: Tue, 4 Oct 2022 07:58:51 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="7278bcd1ee9f1edb301e227cb4818f87";
logging-data="2700915"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX184XJOo7FxiCGQnSQYFj1Bx"
Cancel-Lock: sha1:fC1dACSIQj1gyaOQa1kTA985GVo=
X-MSMail-Priority: Normal
X-RFC2646: Format=Flowed; Original
X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
X-Priority: 3
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
 by: Brian Gaff - Tue, 4 Oct 2022 07:58 UTC

I'm getting apparently blank emails supposedly from Virgin Media which if
you hit enter on they take you to a carbon copy of the Virgin site, but
since I'd never have believed anyone who sends text in graphics like this,
it's a bit of a giveaway.
Brian

--

--:
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
briang1@blueyonder.co.uk
Blind user, so no pictures please
Note this Signature is meaningless.!
"HVS" <office@REMOVETHISwhhvs.co.uk> wrote in message
news:XnsAF25A0A152891whhvans@88.198.57.247...
>I like to think I'm familiar with most of the tricks of scam emails,
> but noticed something new (to me, anyway).
>
> In the last couple of days I've had some "you're on a list of three
> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
> All the usual flags are there -- not-bad-but-clearly-non-native
> English, addressed to the name in the email address ("Dear office"),
> with a button to click to "confirm your details".
>
> The interesting thing is that the hyperlink (masked by using "bit.ly")
> isn't limited to the button: the whole of the email appears to be
> live, including blank areas and the grey background to either side of
> the text. So clicking anywhere at all on the email (which could easily
> be done accidently) would presumably send you to the dodgy website.
>
> This may be everywhere, but I've not noticed that before. It's quite
> clever, ekchelly, so that they're not relying solely on suckers who
> actively click on links.
>
> --
> Cheers, Harvey
>

Re: OT Scam email detail (new to me)

<thgs1s$2it2r$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=71721&group=uk.d-i-y#71721
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: was...@nowhere.com (wasbit)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 09:49:00 +0100
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <thgs1s$2it2r$1@dont-email.me>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<jq10bpFlmmqU1@mid.individual.net> <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 4 Oct 2022 08:49:00 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="7ac4f296fe0c79ec70d833b9157685fb";
logging-data="2716763"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18eXOD0gOUUpEK7bcxpl3uk"
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:5.0) Aura/20220608
Interlink/52.9.8194
Cancel-Lock: sha1:xY5c6/BxF4jlhkDwsHmZ+kZTxI0=
In-Reply-To: <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
Content-Language: en-US
 by: wasbit - Tue, 4 Oct 2022 08:49 UTC

On 03/10/2022 22:22, Chris Green wrote:
> Tim Streater <timstreater@greenbee.net> wrote:
>> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>>
>>> I like to think I'm familiar with most of the tricks of scam emails,
>>> but noticed something new (to me, anyway).
>>>
>>> In the last couple of days I've had some "you're on a list of three
>>> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>>> All the usual flags are there -- not-bad-but-clearly-non-native
>>> English, addressed to the name in the email address ("Dear office"),
>>> with a button to click to "confirm your details".
>>>
>>> The interesting thing is that the hyperlink (masked by using "bit.ly")
>>> isn't limited to the button: the whole of the email appears to be
>>> live, including blank areas and the grey background to either side of
>>> the text. So clicking anywhere at all on the email (which could easily
>>> be done accidently) would presumably send you to the dodgy website.
>>>
>>> This may be everywhere, but I've not noticed that before. It's quite
>>> clever, ekchelly, so that they're not relying solely on suckers who
>>> actively click on links.
>>
>> Often the whole of the email body just consists of an image with a link behind
>> it. They do that to make it more dangerous to click as you observed, but also
>> to reduce the amount of real text there, thus trying to fool spam filters that
>> analyse the text.
>>
> Yet another good reason for using a command line/text mode E-Mail
> program. :-)
>

Or turn off external content

--
Regards
wasbit

Re: OT Scam email detail (new to me)

<20221004111754.184e680d@jrenewsid.jretrading.com>

https://www.novabbs.com/aus+uk/article-flat.php?id=71746&group=uk.d-i-y#71746
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: joe...@jretrading.com (Joe)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 11:17:54 +0100
Organization: A noiseless patient Spider
Lines: 27
Message-ID: <20221004111754.184e680d@jrenewsid.jretrading.com>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<jq10bpFlmmqU1@mid.individual.net>
<qc0s0j-su9d.ln1@esprimo.zbmc.eu>
<thfs86$2b75j$7@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader01.eternal-september.org; posting-host="618a898f0894802933ff5425ad2e57cc";
logging-data="2744278"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19X+8gktWPi7WUcWN2+FHbPlmUStqmqr7g="
Cancel-Lock: sha1:Iv0LasqKP0psWm9EfEgggAoT1UM=
X-Newsreader: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-pc-linux-gnu)
 by: Joe - Tue, 4 Oct 2022 10:17 UTC

On Tue, 4 Oct 2022 00:46:14 +0100
SteveW <steve@walker-family.me.uk> wrote:

> On 03/10/2022 22:22, Chris Green wrote:
> > Tim Streater <timstreater@greenbee.net> wrote:
> >> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk>

> >>
> >> Often the whole of the email body just consists of an image with a
> >> link behind it. They do that to make it more dangerous to click as
> >> you observed, but also to reduce the amount of real text there,
> >> thus trying to fool spam filters that analyse the text.
> >>
> > Yet another good reason for using a command line/text mode E-Mail
> > program. :-)
>
> No need. Any decent email reader will have options (usually set by
> default) to not display images or remote content, unless the user
> specifically opts to do so.
>
>

Or indeed not render HTML at all.

--
Joe

Re: OT Scam email detail (new to me)

<20221004112205.0111235e@jrenewsid.jretrading.com>

https://www.novabbs.com/aus+uk/article-flat.php?id=71747&group=uk.d-i-y#71747
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: joe...@jretrading.com (Joe)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 11:22:05 +0100
Organization: A noiseless patient Spider
Lines: 17
Message-ID: <20221004112205.0111235e@jrenewsid.jretrading.com>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<thgp3r$2idjj$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader01.eternal-september.org; posting-host="618a898f0894802933ff5425ad2e57cc";
logging-data="2744278"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18XT3QCRS88EezWA8IUuGBIvvOUsjuh2C0="
Cancel-Lock: sha1:j1572ViSQeqjbVcmyudtC7LIaRs=
X-Newsreader: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-pc-linux-gnu)
 by: Joe - Tue, 4 Oct 2022 10:22 UTC

On Tue, 4 Oct 2022 08:58:50 +0100
"Brian Gaff" <brian1gaff@gmail.com> wrote:

> I'm getting apparently blank emails supposedly from Virgin Media
> which if you hit enter on they take you to a carbon copy of the
> Virgin site, but since I'd never have believed anyone who sends text
> in graphics like this, it's a bit of a giveaway.
> Brian
>

Sensible people who insist on sending HTML emails include a text
alternative for people like me, including all the links. Most do, some
don't.

--
Joe
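
Added example (not from any poster in this thread): the traits discussed above, an HTML body that is little more than one linked image, a shortened link, and a missing text alternative, turned into checks over a parsed message. The sample messages, thresholds, signal names and the two shorteners besides bit.ly are assumptions made for the illustration.

```python
"""Heuristic scan for the 'whole email is one linked image' pattern (added example)."""
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# bit.ly is the shortener named in the thread; the other two are illustrative additions.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
MIN_TEXT_CHARS = 40     # assumed threshold: less visible text than this is "no real text"
LINKED_FRACTION = 0.9   # assumed threshold: share of content that sits inside a link


class BodyScan(HTMLParser):
    """Counts visible text and images, and how much of each sits inside an <a href>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_links = []   # href (or None) for each currently open <a>
        self.hrefs = []        # every href seen in the body
        self.text = self.linked_text = 0
        self.images = self.linked_images = 0
        self.hidden = 0        # nesting depth inside <script>/<style>

    def _in_link(self):
        return any(self.open_links)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self.hidden += 1
        elif tag == "a":
            self.open_links.append(attrs.get("href"))
            if attrs.get("href"):
                self.hrefs.append(attrs["href"])
        elif tag == "img":
            self.images += 1
            self.linked_images += self._in_link()

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.hidden:
            self.hidden -= 1
        elif tag == "a" and self.open_links:
            self.open_links.pop()

    def handle_data(self, data):
        if self.hidden:
            return
        n = len("".join(data.split()))   # count non-whitespace characters only
        self.text += n
        if self._in_link():
            self.linked_text += n


def scan_message(raw):
    """Return the sorted names of the signals that fire for one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    html = msg.get_body(preferencelist=("html",))
    if html is None:
        return []              # text-only mail: no HTML body to inspect
    scan = BodyScan()
    scan.feed(html.get_content())
    scan.close()
    signals = set()
    if scan.images and scan.text < MIN_TEXT_CHARS:
        signals.add("image_only_body")
    total = scan.text + scan.images
    if total and scan.linked_text + scan.linked_images >= LINKED_FRACTION * total:
        signals.add("whole_body_is_link")
    if any((urlparse(h).hostname or "") in SHORTENERS for h in scan.hrefs):
        signals.add("shortened_link")
    plain = msg.get_body(preferencelist=("plain",))
    if plain is None or not plain.get_content().strip():
        signals.add("no_text_alternative")
    return sorted(signals)


def _build(html, plain=None):
    """Build a constructed sample message (not taken from the thread)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    if plain is None:
        m.set_content(html, subtype="html")
    else:
        m.set_content(plain)
        m.add_alternative(html, subtype="html")
    return m.as_string()


# Constructed sample: one link wrapped around a full-width table holding one image.
CLICK_ANYWHERE = _build("""<html><body bgcolor="#cccccc">
<a href="https://bit.ly/constructed-example">
<table width="100%"><tr><td align="center">
<img src="https://img.example.invalid/prize.png" alt="">
</td></tr></table></a>
</body></html>""")

# Constructed sample: ordinary notification with real text and a text/plain part.
ORDINARY = _build("""<html><body>
<p>Your order has shipped. You can follow the parcel from your account page.</p>
<p><a href="https://shop.example.invalid/track">Track parcel</a></p>
<img src="cid:logo">
</body></html>""", plain="Your order has shipped.\nTrack: https://shop.example.invalid/track\n")

if __name__ == "__main__":
    for name, raw in (("click-anywhere", CLICK_ANYWHERE), ("ordinary", ORDINARY)):
        print(name, scan_message(raw))
```

Each signal alone also fires on some legitimate mail (image-heavy newsletters, for instance), so a filter would score them in combination with the subject-line and header checks it already runs.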

Re: OT Scam email detail (new to me)

<efft0j-nt5g.ln1@esprimo.zbmc.eu>

https://www.novabbs.com/aus+uk/article-flat.php?id=71751&group=uk.d-i-y#71751
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: cl...@isbd.net (Chris Green)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 11:45:34 +0100
Lines: 31
Message-ID: <efft0j-nt5g.ln1@esprimo.zbmc.eu>
References: <XnsAF25A0A152891whhvans@88.198.57.247> <jq10bpFlmmqU1@mid.individual.net> <qc0s0j-su9d.ln1@esprimo.zbmc.eu> <thfs86$2b75j$7@dont-email.me> <20221004111754.184e680d@jrenewsid.jretrading.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net mzcYcj0xWe4OivdYc425mQ7YWRHvzzWz0nMffxDks/ab+r0Xs=
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:dO1zD3A+0UaTM+py+5rBcllrHwQ=
User-Agent: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-48-generic (x86_64))
 by: Chris Green - Tue, 4 Oct 2022 10:45 UTC

Joe <joe@jretrading.com> wrote:
> On Tue, 4 Oct 2022 00:46:14 +0100
> SteveW <steve@walker-family.me.uk> wrote:
>
> > On 03/10/2022 22:22, Chris Green wrote:
> > > Tim Streater <timstreater@greenbee.net> wrote:
> > >> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk>
>
> > >>
> > >> Often the whole of the email body just consists of an image with a
> > >> link behind it. They do that to make it more dangerous to click as
> > >> you observed, but also to reduce the amount of real text there,
> > >> thus trying to fool spam filters that analyse the text.
> > >>
> > > Yet another good reason for using a command line/text mode E-Mail
> > > program. :-)
> >
> > No need. Any decent email reader will have options (usually set by
> > default) to not display images or remote content, unless the user
> > specifically opts to do so.
> >
> >
>
> Or indeed not render HTML at all.
>
Which is why I use a command line/text mode program. I *can* view
HTML but 99.9% of the time I don't need to.

--
Chris Green

Re: OT Scam email detail (new to me)

<20221004154926.52f11672@Mars>

https://www.novabbs.com/aus+uk/article-flat.php?id=71774&group=uk.d-i-y#71774

Path: i2pn2.org!i2pn.org!aioe.org!feeder1.feed.usenet.farm!feed.usenet.farm!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: nos...@ntlworld.com (Rob Morley)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Tue, 4 Oct 2022 15:49:26 +0100
Lines: 17
Message-ID: <20221004154926.52f11672@Mars>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<thgp3r$2idjj$1@dont-email.me>
<20221004112205.0111235e@jrenewsid.jretrading.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Trace: individual.net 7BPlstXvZkf6u3Apnk/CHgbT7iYFrPCpSshVo9lyqa7SorAwA=
Cancel-Lock: sha1:5JA6FHKFYS7phTXQ+uTXj6Vz5YQ=
X-Newsreader: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
 by: Rob Morley - Tue, 4 Oct 2022 14:49 UTC

On Tue, 4 Oct 2022 11:22:05 +0100
Joe <joe@jretrading.com> wrote:

> Sensible people who insist on sending HTML emails

Aren't those mutually exclusive conditions?

> include a text alternative for people like me, including all the
> links. Most do, some don't.

Too often it's just "your email program can't display this content"
when of course it can, I just chose not to, and sometimes "view this in
your browser". But if they can't be bothered to supply alternative text
I often can't be bothered to look at the HTML version. If something is
probably dodgy but I'm still curious I'll just disable networking
before clicking anything.

Re: OT Scam email detail (new to me)

<op.1tiswhcrbyq249@pvr2.lan>

https://www.novabbs.com/aus+uk/article-flat.php?id=71781&group=uk.d-i-y#71781

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: rod.spee...@gmail.com (Rod Speed)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: Wed, 05 Oct 2022 02:20:31 +1100
Lines: 27
Message-ID: <op.1tiswhcrbyq249@pvr2.lan>
References: <XnsAF25A0A152891whhvans@88.198.57.247>
<jq10bpFlmmqU1@mid.individual.net> <qc0s0j-su9d.ln1@esprimo.zbmc.eu>
<thfs86$2b75j$7@dont-email.me>
<20221004111754.184e680d@jrenewsid.jretrading.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
X-Trace: individual.net x/khi/jkcVnzU/TEgls45QGTtHFq4ZlFlG89sR6MOb511yutA=
Cancel-Lock: sha1:XFXgjHGYVPzz1W5old8Tj8UH+gM=
User-Agent: Opera Mail/1.0 (Win32)
 by: Rod Speed - Tue, 4 Oct 2022 15:20 UTC

On Tue, 04 Oct 2022 21:17:54 +1100, Joe <joe@jretrading.com> wrote:

> On Tue, 4 Oct 2022 00:46:14 +0100
> SteveW <steve@walker-family.me.uk> wrote:
>
>> On 03/10/2022 22:22, Chris Green wrote:
>> > Tim Streater <timstreater@greenbee.net> wrote:
>> >> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk>
>
>> >>
>> >> Often the whole of the email body just consists of an image with a
>> >> link behind it. They do that to make it more dangerous to click as
>> >> you observed, but also to reduce the amount of real text there,
>> >> thus trying to fool spam filters that analyse the text.
>> >>
>> > Yet another good reason for using a command line/text mode E-Mail
>> > program. :-)
>>
>> No need. Any decent email reader will have options (usually set by
>> default) to not display images or remote content, unless the user
>> specifically opts to do so.
>>
>>
>
> Or indeed not render HTML at all.

Not viable given that most bills come like that now.

Re: OT Scam email detail (new to me)

<jq37ecF1np1U1@mid.individual.net>

https://www.novabbs.com/aus+uk/article-flat.php?id=71793&group=uk.d-i-y#71793

Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: timstrea...@greenbee.net (Tim Streater)
Newsgroups: uk.d-i-y
Subject: Re: OT Scam email detail (new to me)
Date: 4 Oct 2022 17:05:16 GMT
Lines: 37
Message-ID: <jq37ecF1np1U1@mid.individual.net>
References: <XnsAF25A0A152891whhvans@88.198.57.247> <jq10bpFlmmqU1@mid.individual.net> <thfs62$2b75j$6@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net kyzWDtXCintNq7mS3ysBGAcybFPQHIpQBcyLV3sBcum+xG876I
Cancel-Lock: sha1:uL8UycZlCgb5uh8zxNYI7s2ajV8=
X-No-Archive: Yes
User-Agent: Usenapp for MacOS
X-Usenapp: v1.23/l - Full License
 by: Tim Streater - Tue, 4 Oct 2022 17:05 UTC

On 04 Oct 2022 at 00:45:06 BST, SteveW <steve@walker-family.me.uk> wrote:

> On 03/10/2022 21:52, Tim Streater wrote:
>> On 03 Oct 2022 at 15:47:26 BST, HVS <office@REMOVETHISwhhvs.co.uk> wrote:
>>
>>> I like to think I'm familiar with most of the tricks of scam emails,
>>> but noticed something new (to me, anyway).
>>>
>>> In the last couple of days I've had some "you're on a list of three
>>> winners to receive a £1,000 voucher/a new Tesla/whatever" phishings.
>>> All the usual flags are there -- not-bad-but-clearly-non-native
>>> English, addressed to the name in the email address ("Dear office"),
>>> with a button to click to "confirm your details".
>>>
>>> The interesting thing is that the hyperlink (masked by using "bit.ly")
>>> isn't limited to the button: the whole of the email appears to be
>>> live, including blank areas and the grey background to either side of
>>> the text. So clicking anywhere at all on the email (which could easily
>>> be done accidentally) would presumably send you to the dodgy website.
>>>
>>> This may be everywhere, but I've not noticed that before. It's quite
>>> clever, ekchelly, so that they're not relying solely on suckers who
>>> actively click on links.
>>
>> Often the whole of the email body just consists of an image with a link behind
>> it. They do that to make it more dangerous to click as you observed, but also
>> to reduce the amount of real text there, thus trying to fool spam filters that
>> analyse the text.
>
> But anyone sensible has their email reader set to not display images or
> remote content by default.

My app does that by default unless you've moved the email to a mailbox which
is not Junk or Trash.

--
"Once you adopt the unix paradigm, the variants cease to be a problem - you bitch, of course, but that's because bitching is fun, unlike M$ OS's, where bitching is required to keep your head from exploding." - S Stremler in afc
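Added example, not written by anyone in the thread: a mail-filter heuristic in Python (standard library only) for the pattern discussed above, an HTML body that is little more than an image wrapped in a link, plus a check that a text alternative exists and carries the same links. The finding names, the 40-character `min_text` cut-off and the sample message are assumptions made for this illustration.

```python
from email import message_from_bytes
from email.policy import default
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Counts visible characters and images nested inside <a href=...>."""
    def __init__(self):
        super().__init__()
        self.in_link = self.hidden = self.text_chars = self.linked_imgs = 0
        self.hrefs = set()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        self.hidden += tag in ("style", "script")   # CSS/JS is not visible text
        if tag == "a" and href:
            self.in_link += 1
            self.hrefs.add(href)
        elif tag == "img" and self.in_link:
            self.linked_imgs += 1
    def handle_endtag(self, tag):
        self.hidden -= tag in ("style", "script") and self.hidden > 0
        self.in_link -= tag == "a" and self.in_link > 0
    def handle_data(self, data):
        if not self.hidden:
            self.text_chars += len("".join(data.split()))  # ignore whitespace

def assess(raw, min_text=40):
    """Return findings for one raw message (bytes); min_text is an assumed cut-off."""
    msg = message_from_bytes(raw, policy=default)
    html = msg.get_body(preferencelist=("html",))
    if html is None:
        return []                                   # plain-text mail, nothing to scan
    scan = BodyScan()
    scan.feed(html.get_content())
    scan.close()
    plain = msg.get_body(preferencelist=("plain",))
    text = plain.get_content() if plain is not None else ""
    checks = {
        "image-only-linked-body": scan.linked_imgs and scan.text_chars < min_text,
        "no-text-alternative": not text.strip(),
        "links-missing-from-text-part": text.strip() and any(h not in text for h in scan.hrefs),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample: HTML-only mail whose entire body is one linked image.
SCAM = (b"From: prizes@sender.example\r\nSubject: You are a winner\r\n"
        b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=us-ascii\r\n\r\n"
        b'<html><body><a href="https://short.example/x">'
        b'<img src="https://img.example/offer.png"></a></body></html>\r\n')
print(assess(SCAM))
```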

