HACKER Q&A
📣 erdaniels

What is this spam email's motive?


For the past four years, I've been getting unauthenticated spam in the guise of amazon.co.jp (yes, I like to look through my spam folder). I get emails daily that always lead to almost-legit-looking .coms that 302 to 7-character .cns that then 302 back to Google (while setting a PHP session cookie). They all lead to the same IP address, which is also SSH accessible.

Taking all of this at face value, what's their game here?

* Collect data on IP addresses as silly as me to click through links?

* Hope someone tries to access their SSH?

* Wait for someone to load an image in their email that has some 0-day?
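
The redirect chain described in the question (lure host, 302 to a second host that sets a PHP session cookie, 302 to Google) can be examined offline from recorded response headers. This is an added example, not part of the original post; the hostnames, cookie value and the `summarize_chain` helper are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

# Constructed sample: (requested URL, status, response headers) per hop, as a
# header-only capture would record them. Hosts are placeholders for the
# ".com" lure and the 7-character ".cn" host mentioned in the question.
SAMPLE_HOPS = [
    ("http://lure.example/a", 302,
     [("Location", "http://abcdefg.example/index.php")]),
    ("http://abcdefg.example/index.php", 302,
     [("Set-Cookie", "PHPSESSID=constructed0123; path=/"),
      ("Location", "https://www.google.com/")]),
    ("https://www.google.com/", 200, []),
]

def summarize_chain(hops):
    """Summarise a recorded redirect chain; makes no network requests."""
    hosts, cookies, broken = [], [], []
    for i, (url, status, headers) in enumerate(hops):
        host = urlsplit(url).hostname
        hosts.append(host)
        location = None
        for name, value in headers:
            if name.lower() == "set-cookie":
                # Keep only the cookie name; the value is an opaque identifier.
                cookies.append((host, value.split("=", 1)[0].strip()))
            elif name.lower() == "location":
                location = value
        if status in REDIRECTS and i + 1 < len(hops):
            # Location may be relative, so resolve it against the current URL.
            if urljoin(url, location or "") != hops[i + 1][0]:
                broken.append(i)
    redirect_hosts = {urlsplit(u).hostname for u, s, _ in hops if s in REDIRECTS}
    return {
        "hosts": hosts,
        "final_host": hosts[-1],
        "cookies": cookies,
        # A host that only ever redirects has no page to show, yet sets state.
        "cookie_set_by_redirect_only_host": any(h in redirect_hosts for h, _ in cookies),
        # The visitor ends on a host that never appeared earlier in the chain.
        "lands_off_chain": hosts[-1] not in hosts[:-1],
        "broken_links": broken,
    }

if __name__ == "__main__":
    for key, value in summarize_chain(SAMPLE_HOPS).items():
        print(f"{key}: {value}")
```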


👤 repelsteeltje Accepted Answer ✓
Suppose that beyond confirmation that you actually received and looked at the email, they don't learn a lot. Might be they aren't even interested in identifying the receiver, just some rough estimate on whether they're able to pierce through spam filters.

More interesting hints might be in the accompanying text. What kind of content was used to lure you into amazon.co.jp? What was the sent-from / reply-to info?

My impression is that spam is usually unsophisticated and amateur. They intentionally raise transaction costs by looking inauthentic, to weed out wary victims because those will just be a pain when they finally need to trick them into believing they should pay $10,000 to receive a million.


👤 tamimio
Most likely to know if that email was opened and the user was indeed tricked into clicking the link, so maybe later “promoting” your email into the actual phishing email list.

👤 gus_massa
> * Hope someone tries to access their SSH?

Never attribute to malice that which is adequately explained by stupidity.