Search and replace spam

by , under life, o tempora, tech

After the War and Peace ebook disaster, which I still think may be an elaborate hoax, I had a local search-and-replace deluge of my own.

I had a few dozen in all before the self-learning filters got the message. The subjects varied, but they all came down to “we couldn’t process your bank payment” in bad machine translation. The body text, in equally bad machine translation, varied less: an elaboration of “we couldn’t process your payment” with a link labelled “The copy of your payment slip”. In this particular message the link goes to a legitimate website: an institution that I found with a web search. It’s the right base URL, but the page is spurious: I expected 404 (not found) but got 500 (internal server error). Other messages have a more suspicious-looking link, which I didn’t try, not even in pieces.

So what’s the interesting thing about this bout of spam? See the second line in the picture (the first readable line): it says De meldbank over de weigerbank van uw betalbanksopdracht in de bank. Every -bank- sequence, except possibly the last, is a search-and-replace error: it should be -ing-, De melding over de weigering van uw betalingsopdracht in de bank, which is bad Dutch but with real words, “The notice about the refusal of your authorisation of payment in the bank”.

I didn’t know what had happened until I realised that a major Dutch bank is called ING, in fact the bank I bank with. I even got spam ostensibly from ING (the blue line) telling me to check my account in wording that I could have taken for a real message, except that (a) I know that the bank never sends me mail telling me to check my account, (b) I have HTML mail turned off so I could see that the “check here” link wasn’t real, and (c), the deadest giveaway, it was addressed to an email address that not only isn’t my personal address that the bank knows, but also effectively hasn’t existed for years, it just gets forwarded. Just like the one in the message I screenshotted, in fact (only a different one).

So what they did was replace every occurrence of ing in the subject and the body text by bank, with hilarious results. It really Nookd my interest.

Leave a Reply

  • This site uses Akismet to reduce spam. Learn how your comment data is processed.