|
|
Joe St Sauver, Ph.D.
Director, User Services and Network Applications
joe@uoregon.edu
Even though the university blocks most spam on Oregon, Darkwing, and Gladstone, a trickle of spam will probably always slip through and annoy folks.
Any time we talk with people about that spam, someone will inevitably say, "Well, someone must be buying the stuff that's getting spamvertised, or spammers wouldn't keep sending spam, would they?"
That's an interesting thought, but an incomplete analysis.
It is true that spammers wouldn't keep sending spam if they weren't making money from spamming. But the mechanism by which they make money often has nothing to do with the sale and delivery of an actual product or service.
Some spammers have a business model that lets them make money as long as people simply visit their website. You don't need to sign up for a spammer's online porn site, for example, because just visiting their publicly available website will be enough to ensure that the spammer gets advertising revenue from banner ads displayed on those pages.
This has an ironic implication: if you can convince people to click on an "unsubscribe" link (in a futile effort to stop getting spammed) you can make money from them the same way you would if they clicked on a web page for more information about a spamvertised product. We thus reiterate the recommendation we've made many times before: don't attempt to "unsubscribe" if you receive spam. If you do, you'll probably just end up with more spam, not less, and you may be putting money in some spammer's pocket.
You should also know that spammers who are relying on ad impression revenues will commonly put you into a linked series of pages —as you try to close one unwanted page, another unwanted page will pop up to replace it, thanks to Javascript. (Remember, we encourage you to configure your browser to run with Javascript disabled by default, although disabling Javascript may cause problems when you try to use some legitimate sites.)
Why do spammers take you from one unwanted page to another? Because every page they can force you to visit equals more ad impression revenues.
In other cases, spammers make money by honest-to-god fraud. Is there anyone out there who hasn't received email asking them to URGENTLY HELP WITH THE CONFIDENTIAL TRANSFER MILLIONS OF DOLLARS IN OVERINVOICED RECEIPTS out of Nigeria?
Add to that fraudulent sweepstakes and lottery offers where no one ever wins (except the person perpetrating the fraud), various multi-level marketing/get-rich-quick schemes, online chain letters, and other types of fraudulent spam scams that have become so overused and hackneyed as to become almost laughable.
Other types of fraudulent spam are at least somewhat more subtle. For example, consider pump-and-dump stock tout schemes. These schemes attempt to "pump up" the value of a selected (fundamentally worthless) "penny" stock to astronomical levels, at which point the perpetrator can sell ("dump") that stock for a profit at others' expense. Although the Security and Exchange Commission (http://www.sec.gov/) does investigate and prosecute that type of stock fraud, their prosecution of a pump-and-dump fraudster may not result in recovering money you've lost.
In still other cases (particularly when a spammer is selling an "embarrassing" personal product or an illegal/quasi-illegal product, such as prescription medications without a prescription or cable descrambling devices), no one should be surprised when their check or money order is cashed but the promised product is never delivered (or, if some sort of product does get delivered, it fails to perform as advertised).
Spammers know, and rely on the fact, that their victims will probably be too embarrassed to contact the authorities to report that:
Or, consider the case of illegal/quasi-illegal products: if you order a satellite pay-per-view theft-of-service device from some person in Argentina and it never shows up (or it shows up but doesn't work), do you really think the police will be sympathetic and inclined to make your loss their top priority? Many authorities would be more inclined toward charging you with conspiracy to commit theft of television services!
If you want government help when you've been scammed, you need to come to the table with "clean hands" yourself. Don't let spammers con you into sending money to try to buy some illegal or quasi-illegal product or service.
Other spammers may make their profits by offering "free" access to online porn, with the only "minor" catch being that you need to use their "special software" to access that "free" site. In reality, the "special free software" is often a trojan horse, or a computer program that claims to be doing one thing while secretly doing something completely different.
For example, the "free special software" a "free" porn site may provide you could actually be using your modem to dial an expensive Caribbean 900-type pay-per-minute phone number without your knowledge or permission—until suddenly one day you get a phone bill for hundreds of dollars worth of calls made to some offshore destination. Good luck disputing those charges with the phone company!
Never load any software that a spammer or spamvertised website tells you you "need." Trust me, you don't need that software (or the pain it will bring you).
In other cases, the spammer isn't after just a few hundred bucks, he's really after your your name, address, credit card number, and credit card expiration date. Once he's got that information, he, or an accomplice, can then proceed to run up your credit card until:
a) he hits your card's credit limit, or
b) the credit card company discovers the fraud in progress and cancels your account, or
c) you get a bill for thousands of dollars worth of stuff you never purchased.
Fishing for credit card information this way is probably the single most common spam-related fraud on the Internet today, and is a prime reason why many businesses will no longer accept credit cards as a means of payment for orders shipped outside the United States or Canada, or will only accept credit cards for payment when the card's billing address and the order's "ship-to" address agree.
Other scamming spammers are playing an even more serious game: they don't just want your credit card information, they want your entire identity.
If a scammer can convince you to divulge your Social Security number and date of birth and private financial details such as your bank account numbers, perhaps as part of collecting information online for a "mortgage application," they can fundamentally destroy your financial identity.
Never provide detailed personal or financial information to any online entity that solicited that information from you via spam.
Other spammers make money through the sale of spam transmission software, and CDs full of addresses they've scraped from web pages, and lists of open proxy servers and lists of open SMTP relays. These guys sell spam support services to naive people who incorrectly believe that spamming is okay, or that spamming will result in a sudden surge in business and a financial windfall. This is somewhat like an advertising agency that makes money whether the products they help advertise actually sell or not.
Some of the world's largest telecommunication carriers are also among the entities making money from the sale of spam-related services. These carriers are perfectly willing to provide connectivity for spamvertised websites, for example, so long as the spam doesn't actually get sent from that connectivity (and with hundreds of thousands of open proxies out there, well, there's no need for a spammer to be that gauche!). Sales of high capacity transpacific and transatlantic OC3 and OC12 circuits to "strategic" customers are just too lucrative (and too potentially crucial to carriers teetering on the edge of bankruptcy) for those carriers to risk jeopardizing those revenue streams with trifles such as enforcement of an acceptable use policy!
So the next time someone tells you, "You know, spammers wouldn't keep sending spam if people weren't actually buying the stuff spammers were promoting!" step forward and tell them, "Hold on a minute! That's not true! Let me tell you a little about the economics of spam..."