58

Yesterday I found a spam mail in my inbox. I inspected it in order to find out why DSpam and SpamAssassin failed. You can find the raw German mail here; here's a translation:

Good Morning. We got to know each other on the website of acquaintances. I want to continue communicating with you, that's why I sent you my picture. I live in RU, the distance is no problem for me. We can communicate us. How old are you? Write me please and send me your photo. I'll be waiting.

The text has poor grammar and lacks any German umlauts.

What actually made me wonder was the purpose of the mail. Usually a spammer wants you to click a link or something, probably to infect one's PC or verify an active mail at least.

Why would a spammer want to know my age and a picture of mine?

10
  • 42
    "The text has poor grammar and lacks any German umlauts.": That is a deliberate tactic.
    – BCdotWEB
    Commented Dec 9, 2015 at 15:01
  • 9
    There's the classic "online dating scam", of course, in which someone actually attempts to gain another's trust via direct communication, then solicits a gift of money or a "loan" which will never be repaid. This sounds more generic, though - the dating scam is generally a more individual communication to a chosen target, I think.
    – recognizer
    Commented Dec 9, 2015 at 16:12
  • 5
    They're likely trying to create fake-ish profiles somewhere and need real people's images to use so that it's not so totally obvious.
    – SnakeDoc
    Commented Dec 9, 2015 at 22:24
  • 12
    The image, if taken with a smartphone, might also contain metadata about your location, which might be useful to him
    – mowwwalker
    Commented Dec 9, 2015 at 22:34
  • 5
    Could easily be the first step in a social engineering op. Many others will think it's harmless and respond. Now the scammers step it up. Maybe photoshop blackmail? Try grabbing a random pic from Google and respond... see what happens.
    – BAR
    Commented Dec 10, 2015 at 0:26

11 Answers

97

There was a psychology experiment where two groups of homeowners went door-to-door and asked, ironically, for people to consent to display a large and ugly sign in their yard that said some form of, "Keep America beautiful."

What distinguished how the two experimental groups were treated was that one group was asked beforehand to agree to display an index card in their front window with the same theme. Almost everybody agreed to display the index card.

Agreeing to display the index card had a notable effect. People who were asked up front to display the sign in their yard usually refused (about 30% of them agreed). People who had displayed the index card usually agreed (about 70% of them agreed).

The point made in reference to this experiment has been called the "foot in the door effect." Agree to something little, and you are much more likely to agree to much more.

Add in this case that if someone is trusting, and perhaps like many people online a little lonely, sending a picture may not seem too much to ask. And you have a foot in the door opening up to problems much worse than mishandling of the German language.

6
  • 27
    This is very interesting. Do you have a reference to this experiment?
    – leancz
    Commented Dec 10, 2015 at 9:41
  • 7
    This is actually a well-known piece of psychology. Start from the reference material on Wikipedia. This sign story is also listed there, but lacks a citation, but there are others with citations you can look at. There's been a lot of research done on this.
    – phyrfox
    Commented Dec 11, 2015 at 3:41
  • @leancz You may want to read this book also which explains this principle (as well as others). This book was a life-changer for me.
    – ereOn
    Commented Dec 12, 2015 at 13:58
  • 1
    The foot-in-the-door method and its counterpart, the door-in-the-face method, are both known negotiating tactics and are the kind of thing that might be taught to salespeople. The door-in-the-face tactic is where the first request is for something outrageously large or too much, the target will refuse, then the next request will be for only a bit less. The target, having refused the first request, might feel as if it would be unfair to refuse a seemingly more reasonable request. The initial request also set a grounded expectation for what kind of range might be seen as reasonable. Commented Dec 13, 2015 at 12:06
  • The purpose of both is to try to get someone to agree to a less favorable deal than they would have agreed to had you led with that deal as your first offer. Commented Dec 13, 2015 at 12:09
59

What I miss in the other answers is that an image may contain extremely useful information about you. A jpg contains blocks like the EXIF metadata (here in IrfanView):

[screenshot: EXIF metadata shown in IrfanView]

and even more interesting, the IPTC or XMP metadata:

[screenshot: IPTC metadata]

giving the spammer possibly:
- camera type (how expensive and sophisticated)
- your full name
- under contact possibly your full address!
- your location, sometimes even the GPS coordinates
- the time the image was taken.

You can remove the header information with jpegtran or other image optimizers. I do not know why camera producers do this (or I suspect they know exactly why they do this and do not care, or actively try to get money for the information), but with the programs they make you install for accessing the camera, they insert loads of valuable information about you.

ADDITION: @Erroneous pointed out in the comment (in case it gets deleted) that images are often taken and sent by a smartphone. This allows attackers to identify the running OS (possibly finding out whether the device is vulnerable) and gives the IP address, allowing e.g. pinpointing the current location and getting other information. In the case of the example we know for instance the person's name and that he got married on July 20th, 2007. This gives possible entry points for security access codes (Keycode: 2007; Safe code: 20-07-20; Telephone question for bank account: When did I marry?).

7
  • 7
    Don't forget that most people will be using their phone to take a picture, and probably send the email. Using the EXIF data could tell you if you use an Android smartphone vulnerable to Stagefright. This in combination with your IP could be quite useful.
    – Erroneous
    Commented Dec 10, 2015 at 18:19
  • 8
    The question remains: Why didn't Kai get married at the magical date 13 days earlier just like gazillions of other couples? Commented Dec 10, 2015 at 20:59
  • 16
    @HagenvonEitzen Kai has perhaps a preference for duplicate repetitions ("2007 2007") instead of triple ones (07 07 07). Commented Dec 11, 2015 at 0:57
  • The reason camera producers attach all this header information is supposed to be to ease organization and tagging of photos (mostly for professionals). What I don't get, however, is why it's enabled by default. It seems like nothing more than a security risk for most users. It reminds me of how Facebook used to post your location by default. They didn't remove that until it blew up. I'm not aware of any equivalent happening to cameras (and camera software is slow to change).
    – Kat
    Commented Dec 18, 2015 at 16:28
  • I think this is a better answer than the currently-accepted answer. I am not discounting the analogy posted by JohnathanHayward, but this is an incredible example of how powerful metadata can be. Commented Feb 5, 2016 at 18:21
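The metadata removal the answer above recommends, as an added example that is not from the original post: a small Python JPEG segment walker that lists the EXIF, XMP and IPTC blocks in a file and writes the picture back without them (what jpegtran's `-copy none` does on a real file). The sample bytes are constructed here and are not a decodable image.

```python
import struct
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # markers without a length field
SIGNATURES = ((b"Exif\x00\x00", "EXIF"), (b"http://ns.adobe.com/xap/1.0/\x00", "XMP"),
              (b"Photoshop 3.0\x00", "IPTC"), (b"JFIF\x00", "JFIF"))

def iter_segments(data):  # yield (marker, payload) per header segment; after SOS yield (None, rest)
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker in STANDALONE:
            yield marker, b""
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # length counts itself
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:  # SOS: entropy-coded image data runs from here to EOI
            yield None, data[pos:]
            return

def describe(marker, payload):  # name an APPn block by its payload signature
    return next((n for s, n in SIGNATURES if payload.startswith(s)), "APP%d" % (marker - 0xE0))

def list_metadata(data):  # e.g. ['JFIF', 'EXIF', 'XMP', 'IPTC'], in file order
    return [describe(m, p) for m, p in iter_segments(data) if m is not None and 0xE0 <= m <= 0xEF]

def strip_metadata(data):  # rebuild without APP1..APP15 and COM segments; APP0 (JFIF) is kept
    out = bytearray(b"\xff\xd8")
    for marker, payload in iter_segments(data):
        if marker is None:                       # scan data and EOI: copy verbatim
            out += payload
            break
        if 0xE1 <= marker <= 0xEF or marker == 0xFE:
            continue                             # drop EXIF, XMP, IPTC and comments
        out += bytes([0xFF, marker])
        if marker not in STANDALONE:
            out += struct.pack(">H", len(payload) + 2) + payload
    return bytes(out)

def seg(marker, payload):  # frame one length-prefixed segment (for the constructed sample)
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample with valid segment framing; it is not a decodable picture.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")   # JFIF
          + seg(0xE1, b"Exif\x00\x00MM\x00*\x00\x00\x00\x08")                        # EXIF stub
          + seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")              # XMP
          + seg(0xED, b"Photoshop 3.0\x008BIM") + seg(0xDB, b"\x00" + b"\x10" * 64)  # IPTC, DQT
          + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")             # SOS, scan, EOI
```

Run list_metadata on the bytes of a real .jpg to see what your camera or phone embedded before you send it; strip_metadata keeps only APP0 and the segments a decoder needs.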
30

There are so many potential things that could be happening here. The attacker may try phishing by having you click a malicious link that contains malware such as keyloggers or similar. The attacker could also try social engineering to gather all information he/she can about you before attempting to get into your account. Keep in mind most e-mail servers will include the originating IP when sending e-mail, so they could get your IP and attempt to hack into your computer. The spammer may be just gathering active e-mail addresses to send spam later down the line.

3
  • 1
    The fascinating thing about this mail was that there was no link (that's why I was curious in the first place). I'm pretty sure that the client IP isn't in my mails, too. This could be the case for Outlook and the likes, though. The information gathering for SE is a good idea, however.
    – Sebb
    Commented Dec 9, 2015 at 13:45
  • If you reply, the spammer knows it's an active address. They can therefore be certain that you will receive any spam sent, and thus your information could be of much higher value.
    – AStopher
    Commented Dec 11, 2015 at 23:41
    Has Stagefright been used for anything besides denial of service? I was under the impression that ASLR made profitable attacks impractical.
    – Buge
    Commented Dec 12, 2015 at 18:28
27

He may not be trying to get an image, but your confidence. That is why he/she sent his/her (most likely false) picture. It's social engineering at its best.

In the future he/she may ask you to click something or maybe will try to impersonate with the information that he/she got along the way.

For now, the main goal is to get your attention.

As society in general becomes aware of these schemes, they tend to evolve rather than disappear, at least while they are profitable enough. Before, one step of mail communication would be enough:

  • get someone to do something (e.g. check this cat video, download this relaxing fish tank screen saver, etc.)
  • ask for information directly (e.g. the King of Atlantis needs your help to get his money, you can get a nice reward. Please provide name, age, etc.).

Now things start to get complex and you may need to get someone's attention and confidence first.

21

I just want to add sexting to the list.

They gain your confidence, you start exchanging pictures, innocent at first but getting racier ("she" will do the same, of course), at some point maybe even very compromising videos as they record you on some future Skype sessions - and boom, you're being extorted with the threat that all of this will be shared with your friends on facebook unless you pay. Needless to say, payment usually doesn't save you from more extortion.

More likely, this is just a Russian brides scam. "She" (and it indeed could be a she, though probably hired by someone) will keep writing you if you reply, she will be kind and patient, asking a lot - well, she will be pleasant. When she has your confidence or, worse, you're already half in love, she will tell you about a very difficult situation she's in and only money can solve. It's likely she will not even have to ask you for it, you will offer it to her.

1
  • 1
    I think the last paragraph is more likely, as you suggest. I am sure I have read more than one article describing this scam, which I think is older than email. The first email here is likely 100% spam, but promising replies will be followed up by a real person, semi-scripted, waiting for a good point at which to insert one of several scams (a common one being having costs paid for travelling to meet their new "love", maybe followed up with the difficult situation) Commented Dec 13, 2015 at 8:52
12

This sounds like someone wanting to create real-looking "fake" profiles on social media like facebook, and searches for easy-to-digest input.

This is a real industry, as for example this report from theweek shows.

3
  • 8
    Why would they bother sending email asking for a photo? Why not just rip some off from the web?
    – Mawg
    Commented Dec 9, 2015 at 14:57
  • @Mawg Convenience - and they have a matching age value.
    – Marcel
    Commented Dec 9, 2015 at 15:04
  • 2
    Yes. Pictures from dating sites aren't indexed by Google, so they could easily steal photos from there.
    – desbest
    Commented Dec 9, 2015 at 15:08
7

As mentioned by Paul already, there are many potentials and it's impossible to determine the real intent of this phishing attempt without reacting to it.

If the attacker attached his picture (as stated) directly to the email, it could be maliciously crafted and infect your PC. Users are generally more aware of infections through links than through images...

My best guess about the fact that he asks about your age and a picture is that he is targeting young naive people, looking for some attention. They are generally more inclined to advance on such questions than adults. Once they do, the spammer:

  1. knows it's an active mail address, and
  2. has more information about the victim allowing him to optimize his social engineering attack, for whatever purpose...

5

There are 2 angles. The first one is what they can actually do with your image:

  • Some people might indeed be stupid enough to respond with a dick pic, preferably one where their face is visible as well. Figure out their facebook account and ask them if they'd like the picture sent to their friends list, or if they'd prefer to pay. Of course in reality they'll first try to get those people to wank off in front of a webcam, which is worth even more extortion money.
  • Normal people may just send a normal picture. A picture and a name is much better than just a name if you want to find out who exactly you're dealing with online. You can find out age, occupation, and income. You can also find out about hobbies and other activities that can be used to flirt with the target.
  • People who just answer to mess with the scammer can use a stock picture. Reverse image search and these people are easily filtered out, saving the scammer lots of time.

The second angle is the psychological effects:

  • People who respond with their picture are more likely to be gullible. This identifies easy targets.
  • By asking for something relatively harmless they can start a pattern of trust, where successively ever more information is transmitted. This can end in a picture of the credit card, a dick pic, or both.

4

It's not uncommon at all for a con attempt to try to get you to take an innocuous action first, getting a foot in the door with you, then in later communication get you to actually take whatever action it is that is their primary goal.

Why? Very simple...look at what you're doing right now...questioning whether it really is a con attempt because what they are asking for seems so innocent! That makes you more likely to respond than if they had made their play right from the start. And once you've exchanged a message or two you're far more likely to end up falling for their main play.

4

This is a Russian bride scam.

They are flirting with you, and she'll immediately fall in love with you! (no matter that you don't even have the profile she saw!) and, at one point, you will be asked to give her money so she can visit you (sometimes there's another financial difficulty, like helping her pay some hospital invoices for her suddenly-sick mother). There are even cases where you visit her (see? she's not asking me for money!) and are then tricked once you are there.

3

Scammers can use your image to sell products by photoshopping you into holding the object or having the object around you. Those silly ads like "people right now are winning iPhones!" etc.; we suspect they were stolen images, not actual actors.
