Skip to content
Naked Security Naked Security

Is this the ultimate spam fail?

We're not sure whether we ought to laugh at cybercrime. But sometimes you just have to smile at the antics of would-be cybercriminals.

We’re not sure whether we’re supposed to laugh at cybercrime, because that would mean we’re deriving delight from crookery.

But sometimes you just have to smile at the antics of would-be cybercriminals.

Like the advance fee fraudsters who had a successful racket running covertly from a plush beachside resort hotel room in Cape Town, South Africa, only to blow it all by lighting up a celebratory spliff.

As with unencrypted wireless internet traffic, they were sniffed from a neighbouring room.

That triggered a complaint that ended up with the cops investigating, and landing a much, much bigger bust than they’d expected.

Or the burglar in Queenstown, New Zealand.

He found it such hot work grinding his way into his local pub’s safe that he removed his balaclava.

Then he looked haplessly into the CCTV camera.

Local police posted his mugshot on Facebook and that was that.

And then there were the forum spammers who failed to have their comments approved despite flattering us with such positives as, “Youre so cool!”

Their next stop was to run down our writing, instead:

The next time I read a blog, I hope that it doesnt disappoint me as much as this 1. I mean, I know it was my option to read, but I really thought youd have some thing intriguing to say. All I hear is often a bunch of whining about something that you could fix if you happen to werent too busy looking for attention.

We couldn’t decide if we were more offended by the insults or by the spammers’ apostrophic abuse.

But the prize for our drollest example of online crime may have been scooped over the weekend by what is surely the Most Hopless Spam Ever Sent.

You have, no doubt, experienced unwanted email where the crooks’ spamming engine gets out of synch with their database, so that template variables leak into the email they send you.

We’re talking about absurdities such as:

Dear $1, We are pleased to offer you the finest quality $2 at prices that will be the envy of everyone in your home city of $3.

Or emails that give away a bit more about the mindset of the crooks, as in:

Greetings, %%CUSTOMER_­ID%%. As one of our truly %%FLATTERY_­EPITHET%% customers who is amongst our top %%GULLBILITY_­LEVEL%% %%LITERAL_­PERCENT_­SIGN%% of purchasers, you qualify to sign up to buy our latest %%SLOW_­SELLING_­STOCK_­ITEM%%.

This new example, however, took the concept of "boilerplate" to a new level.

Every single part of the spam was boilerplate, except for my email address, of course:

Actually, there was one part of the email that was genuine: the unsubscribe link.

Thing is, even if I were inclined to trust links in illegally-transmitted emails, I wouldn't want to click it.

I want to see how they'll up the ante in an effort to keep me interested if I don't reply this time.


I was more than a little confused by this one I received last week……..see if you can make any sense of it.

“Julian, The Lord of Murder shall perish, but in his doom he shall spawn a score of mortal progeny, chaos will be sown by their passage. Back at headquarters, the investigators find out that the killer has broken in and created a mess.
Thailand, with its low alluvial plain forming the centre of the country. Tell no one, leave now. As time passed, Hayley got involved in a group that protested the casino in town. Duke of Portland’s factor and the local curling clubs.
Also, sports day events and general achievement contribute towards the houses’s points totals. Noffsinger informed the landowner, a farmer named William Reams, of his discovery. Davide Rossi and drummer Mig Schillace.”

Confused? I still am


That’s the sort of crapola that spammers use to try to confuse spam filtering software/hardware. It throws together a mess of unrelated text blurbs, “randomly” selected from various public sources, to decrease the sensitivity of the filter to the actual spam content. SImply using a bunch of words would make it too obvious, but since these are complete sentences (or close enough anyway), it makes it seem like legitimate content overall.

I’m probably not explaining this very well, but hopefully you get the idea..?


My work account received a spam message last week that said the sender had “cogitated” about sharing his Euro Millions prize. While there is always the possibility someone might use “cogitated” for the more common word, thought, it is another example of “poor quality” spam. There must be a lot of higher quality spam, otherwise average corporate users would not be giving up their network login info so freely.


That last image was particularly interesting, since I was recently doing a search for something or other, and one of the result-links led to a web page that looked almost identical to your example. My initial reaction was that the boiler-plate was probably provided by the hosting group to anyone contracting to use them, to save time and effort (and all but a bare minimum of HTML knowledge) on the part of the latter.


Duck wrote “Or emails that away a bit more about the mindset of the crooks, as in:”

I’m not usually a grammar cop but since you are critiquing others’ creations I can’t resist asking whether something (perhaps “give”) is missing in your phrase quoted above.


“We couldn’t decide if we were more offended by the insults or by the spammers’ apostrophic abuse.”

Rather than “apostrophic abuse”, I would have expected something more like “anapostrophic neglect”; I have no idea whether “anapostrophic” is a real word, but it seems like such a Ducky term. And I absolutely mean that in a good way! ;-)


I quite like “anapostrophic”. It sounds like something fiendishly climatic (c.f. adiabatic) or conscientiously religious (c.f. anabaptist).

But I meant to conjure up ideas of catastrophe or apoplexy.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!