
That theory was always bunk. People just can't comprehend that the average spammer really is that bad. So that theory was created to make sense of that.

Because of my work I investigated a lot of spam, and I discovered real-life identities of senders in many cases (because of horrible or nonexistent opsec). Most of them were either underage, lived in third world countries, or both.



Scams got sophisticated a while ago where they would exactly replicate things like password reset emails and such including a whole fake replica website that looks identical to the real one.

I saw someone fall for one recently where a scammer had created a fake announcement from an email sending company stating they were adding political messages to the bottom of your sent emails, and to log in to opt out. The look and feel of the email was pretty much perfect.


Once or twice, I've clicked through on a link in an email that was convincing enough to fool me, and what saved me both times was that I run NoScript.

It's so frustrating just standing by and watching as we descend into a low-trust society.


Scams are getting good enough that I'm now skeptical/paranoid every time I get a legit email.

"Click link"? I think not. Gonna log in myself in a new window and try to navigate to the same thing on my own.


The sophistication of scam emails these days is a big part of the switch to Passkeys, just physically making it impossible to give your credentials to the scammer site.


it doesn't help that all these companies' legitimate emails contain suspicious-looking links in the first place. the link tracking/shortening that's built into these services isn't doing them any favors for their actually important emails


Remember that a large portion of the "real scam" is selling scamming techniques and systems to wanna-be scammers, some of whom never figure out how to replace the "insert viagra link here" text.


Phishing too. At one point in my job I was involved with taking down phishing sites, and we would sometimes get a copy of the Phish kit code from the site owner. These were basically extremely poorly written PHP scripts that people would buy from a scam-enabler and deploy to some website. The sophistication was the lowest possible level at each step. But even if you find the perpetrator bragging about it on Facebook, they're in Nigeria (for example) and the local government doesn't care at all.


A Belgian ethical hacker showed how insecure these phishing platforms are: https://inti.io/p/how-i-infiltrated-phishing-panels

(By the way, the perpetrators are closer to home than Nigeria).


The new trend is that legitimate corporations are sending you spam regardless of your communication settings, or even after unsubscribing for the 10th time.

Yes, I'm looking at you Teal HQ, you're spamming us even 3 months after deleting our accounts.



