A weird new form of email scam

OK, we all know that spam we get—sometimes spoofed as if from our own email address!—telling us to click on some link.

Scene 1

The other day I got a new sort of spam. It was from a colleague, the subject line was “Are you available in campus,” and the email went like this:

On Feb 9, 2019, at 11:44 AM, ** <**[email protected]> wrote:

Hello are you there?

with a legitimate-looking signature line with this professor’s title.

Seemed a bit brief, but who knows? I responded when I got the email, several hours later, saying that I was not around right then.

I completely forgot about all this until I received the following email today from a completely different colleague, subject line “Are you on campus,” with the following content:

On Feb 13, 2019, at 4:56 PM, ** <**[email protected]> wrote:

Are you free at the moment ?

Again, the message ended with a legitimate-looking signature line.

This seemed odd, so I checked the emails carefully and noticed that they were not the actual emails of these two colleagues.

OK, so it’s some sort of scam. But, as is often the case, I can’t figure out the plan. I’m gonna respond to this email and then . . . what, exactly? I mean, whoever’s doing the scam already has my email, so what do they get out of me responding to some fake address?

I can’t figure this one out.
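The check that exposed these messages, comparing the address behind a familiar display name with the colleague's real address, can be automated. The following is an added example, not part of the original post; the directory, names and addresses are constructed for illustration, and the first sample reuses the subject and body quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of real colleague addresses (all names/addresses made up).
DIRECTORY = {
    "Jane Doe": "jane.doe@stat.example.edu",
    "Rahul Mehta": "rmehta@stat.example.edu",
}
TITLES = {"prof", "professor", "dr"}

# Constructed sample messages; the first one's subject and body follow the post.
LOOKALIKE = ('From: "Prof. Jane Doe" <jane.doe.stat@mailbox.example.com>\n'
             'Subject: Are you available in campus\n\nHello are you there?\n')
GENUINE = ('From: "Doe, Jane" <Jane.Doe@stat.example.edu>\n'
           'Subject: Seminar room\n\nRoom changed to 903.\n')
STRANGER = ('From: Conference Office <office@conf.example.org>\n'
            'Subject: Registration\n\nYour badge is ready.\n')

def name_tokens(name):
    """Word set of a display name: case, order, punctuation and titles ignored."""
    return frozenset(re.findall(r"[a-z]+", name.lower())) - TITLES

def check_sender(raw_message, directory=DIRECTORY):
    """Classify the From header of one raw message.

    Returns (verdict, name, address): "known" if the address is in the
    directory, "impersonation" if only the display name matches a directory
    entry, "unknown" otherwise.
    """
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    for real_name, real_addr in directory.items():
        if addr == real_addr.lower():
            return ("known", real_name, addr)
    shown = name_tokens(display)
    for real_name in directory:
        if name_tokens(real_name) <= shown:
            return ("impersonation", real_name, addr)
    return ("unknown", display, addr)

if __name__ == "__main__":
    for raw in (LOOKALIKE, GENUINE, STRANGER):
        print(check_sender(raw))
```

A mail gateway or client rule built on the same comparison can tag such messages before the recipient reads only the display name and signature.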

18 thoughts on “A weird new form of email scam”

  1. Once you reply, the “colleague” asks you for some kind of favor — usually “I’m stuck in a meeting, so can you buy these iTunes gift cards for me and send the numbers?” or something like that. You end up being convinced to send money to the scammer, in some form that’s easy for them to transfer and hard for you to get back.

    Our department got something similar sent to most of the faculty claiming to be from the department head, and a friend of mine had the same thing happen at his department. It seems to be a popular scam trend now.

    • Right, Andrew, you’re only thinking of it from the perspective that you received the email. The sender may have sent to many possible computer-generated versions of Andrew Gelman so doesn’t really know which is the real email. Further, your response makes the email more valuable than something like simple confirmation that the email was not bounced back or failed to send for some other reason.

      • Exactly, and for the same reason you never want to answer a telemarketer call. It is best to just ignore all calls from numbers you don’t know.

        • I struggle with balancing this idea with the idea that someone may be in an emergency but can’t use their own phone number, e.g. because the battery died.

        • They can leave a message or text in that case. The odds of it being someone I want to talk to are so low otherwise. I’d guess I get hundreds of telemarketing calls each year, and there is some emergency situation like you describe less than once per year. So the odds are pretty low an unfamiliar number is a call I would want to answer.

        • Yes. Here is another way that telemarketers are trying to get to you besides cold-calling:

          Yesterday, I called my hotel rewards card (IHG) to indicate that I noticed a discrepancy in points/recent visits. After fixing the error, the operator asks, “would you be interested in redeeming those reward points?” As it turns out, I was interested although I wasn’t planning to do that on this call. So, I say yes.

          Instead of turning me over to a reservation agent, she connects me to a telemarketer for their time sharing program. It took me a while before I figured out what happened.

          Watch out!

    • I’ve heard this before, but I’m not sure I believe it. I figure, why would they go to the trouble of verifying an email address if they could just lie and say it’s active? It’s not like these people are paragons of business ethics.

  2. I’m getting a somewhat similar scam:

    I’m getting emails appearing to be from my email service provider. I had to study the most recent one for a second or two:

    Dear Customer:

    your Five incoming mails were placed on pending status due to the recent
    upgrade to our database. In order to receive the messages

    Start Here (link)

    and wait for responds from HELP DESK

    We apologize for any inconvenience and appreciate your understanding.

    Regards, (provider)

    The “updates to our database” sounds phishy; the source address isn’t quite right for my provider; the incorrect use of the word “responds” is the clincher.

  3. It is interesting to me that a mass-mailing scam would be uniquely targeted to a relatively specific cohort – academics or students – for whom a question about being in/on campus would be potentially applicable. I would presume that the scam selects recipients by an “edu” component in the email address?

    Is the purpose of the scam specific and somehow a function of the uniqueness of the target? Is the basic purpose of the scam more generic, but can be modified and still serve the purpose if targeted to a more specific cohort?

  4. Another possibility, having worked in the field, is that there was an attachment that was stripped by your email provider who scans for malware and the like. Typically these are done without notifying the recipient or sender to reduce the likelihood of being able to figure out exactly what triggered the removal and make countering the filters a little harder.

  5. I belong to a Meetup group and someone messaged me through the website once. Entire conversation:

    Him: Hello Jeff
    Me [not recognizing the guy from his pic, but that’s common for me]: Hello. What’s up?
    Him: I’m okie. How are you doing??

    Closer inspection showed he had been joining Meetups pretty indiscriminately, and I determined that his pic had been lifted from elsewhere on the web. So, okay, end of conversation, but it did leave me wondering, since there wasn’t really any scammy behavior. At this point I decided there must be a lot of bored people in this world.

  6. They send this, you reply, then your email client will recognize their email in the future. This makes them appear less suspicious in the future.

    In fact, the scammers may carry on innocuous correspondence for some period of time with the hope that you come to recognize theirs as the address of a colleague. Then comes the ask for iTunes gift cards or whatever.

  7. There can be malware attachments, embedded images, or links to direct you to a phishing or infected site. Embedded images are sufficient to tell them you have opened the email even without responding.
