Dear Friend - The poetry of phishing
An unusual lesson in creative writing.
It all began in the late nineties, when “spam” – the name supposedly originated with the famous Monty Python “Spam” sketch – was already on its way to becoming a major annoyance that made up a huge percentage of all email sent across the World Wide Web. Today, email servers have filters that are better at identifying spam, but depending upon whose statistics you consult, it still (conservatively) comprises at least 50% of all incoming email, if not much, much more.
Back then, when I still regularly found spam in my inbox, I became fascinated with the contact-spoofed names that appeared in the “From” line of messages addressed to me - Jesus McDonald, Harmony Boucher, Christine Newshoes. Some were a mixture of first or last names that appeared to be harvested from my own contacts (I’m still not clear on exactly how this is done - feel free to explain if you know), and later, Facebook “friends”, while others were quite imaginative, scraped from an unknown source. They were probably bot-generated, but they were nonetheless filled with unintentional humour. I maintained a list of my favorites.
As the spam industry grew, overwhelming servers everywhere with unwanted messages, it spawned yet another industry for products to filter and prevent these intrusions, and the content (and subject lines) of these letters became more elaborate in an effort to sneak by those pesky filters. Even if they were now sent by bots, in the beginning, a human started it all by inventing the story that would unfold in each attempt. When the goal is to convince targets to reveal sensitive information, these attempts are called “phishing”. Wikipedia lists a variety of phishing techniques in addition to spam that include vishing (voice phishing), targeted phishing (spear phishing and whaling), smishing (SMS), quishing (QR code), cross-site scripting, and man-in-the-middle two-factor authentication (2FA) attacks.
Like modern-day folklore, in the email version, many of these plots have become familiar and meme-worthy. Early email attempts involved royalty, like the popular “Nigerian prince scam”. Over time, the “prince” appears to have been replaced by more believable characters – someone in another country has a relative who has died and left them a large sum of money, usually in US dollars. The sender requests that you share connection info for a bank account where this inheritance can be deposited in exchange for a cut of the take. Often you are asked to make a deposit to cover the transfer cost. This was similar to pre-internet phone scams that told folks they had won something valuable and needed to pay the tax via deposit in order to claim the item.
In early days, the emails were short and to the point, with little explanation or justification for the request, but over time, I noticed that they were evolving. The salutation was always something like “Dear Friend”, “Hello Dear”, and even “Beloved”. The sender began to identify themselves as male or female; the same for the dead relative or sometimes a “client”. They used a believable name, and the sender described what they did for a living and made references to where they worked. Sometimes they had been married to the deceased, who often bore a common, distinctly Anglophone name. One email I received told an extremely complex tale, involving someone who died in a well-publicized plane crash (complete with a link to the BBC story about it). The sender also wrote about the great things they were planning on doing with the money from the supposed inheritance – pay for school or a medical bill, feed their children, buy a house – something you’d be empathetic to. Often, they would claim to be from an African country, not always named. Sometimes the deceased relative was from a different country than the sender. And the story began to include a “direct phone number” that you were encouraged to call for a one-to-one discussion of the situation. This was a new angle, and this phrase was repeated in numerous emails I received from different senders. These scams came to resemble old-fashioned storytelling, adding detail and embellishments to the initial pitch.
Later, as investigators and ordinary folks wised up to the many versions of these attempts, it was discovered that the perpetrators were anything but African - their IPs tracked to Russia, the US and elsewhere. Perhaps the initial creators of this approach were actually the now infamous Nigerian scammers, but eventually that creative distinction was stolen from them. Maybe it’s true that imitation is the greatest form of flattery – or maybe imitation is simply theft.
I began saving some of these emails because I was fascinated by the way they were written. There was a certain rhythm to each story and I could hear the accent in the flawed English, which might have been translated, or simply the way somebody in another country had learned to speak it. Sometimes it made me laugh out loud. But the thought also crossed my mind that maybe this was intentional, designed to subtly charm the recipient. Most of the time, it was the way the message was written that let me know what it really was. While I knew the intent was to convince gullible recipients (hopefully, me) to share personal information or part with their money – a part of me admired the elaborate creativity of the effort. As far as I know, we still don’t have an easy way to determine the true origin of these scams, whether they’re actually from desperate individuals in impoverished countries or from standard-issue criminals elsewhere. The optimist in me would like to believe that in the beginning, someone who was truly in need got creative with this approach. While it is inarguably criminal, it seems like we should know better by now not to click on unsolicited links in email messages, or to hand over personal info when the “IRS” phones you to warn that you’ll be heading to prison if you don’t make that overdue tax payment. It’s the harsh, digital equivalent of survival of the fittest, the person on the street corner holding out a cup and offering up a sad story.
Late one night, not long ago, I opened my email to discover a long spam letter that had somehow escaped the usually unforgiving email filters. Out of curiosity, I read on, as it had a most compelling meter that immediately transformed it into music in my head. I copy-pasted it into my digital notebook. I received another not long afterward that contained some new variations on a similar tale, so I collected that, too. A few days later, I picked up my guitar and out came the combined “poetry” as a song.
This led me to thinking about the issue of copyright infringement. What if I “borrowed” these lyrics? Since their intent was to convince me to part with my money, the idea seemed fair – after all, copyright law applies to “an original work of art in a fixed medium”. It would be a stretch to classify these attempts as art and the number of emails I’d received containing nearly identical language indicated that they were somewhat less than “original”. I included the complete “direct phone number” in the original version of my song but later decided against that when I pictured some curious listener actually dialing it up (I’m dating myself here). I’ll have to attribute these lyrics to the public domain, since over the years, literally millions of people have discovered them in their inbox or spam folders, never wondering too deeply about their origin. And it is strange to realize that more people will have seen those “lyrics” than will likely ever hear my song.
Dear Friend
Comprised of spam emails from two sources. Spelling stands uncorrected.
Dear Friend, I know this mail will come to you as a surprise
Since we have not meat before anyway
I am Mister N’zoueba, a banker by profession
And director of account department of a bank in Abidjan
I am contact you for an important transaction
Which will profit to both of us one-hundred percent risk-free
Here there is a client, a woman from South Africa
Who has the sum of four-point-five million US dollars
But she is dead now, I have officially confirmed
And the fund here it has no beneficiary clause on it
Now anyone that I will introduce as beneficiary
And fix his or her information in our computer system
Will be able to claim this fund without a problem at all
That money will be released to him or her without any single doubt
So I look forward to hearing back from you soon
Please use direct phone number, best regards Mister N’zoueba
Hello Dear, I’m Miss Adab Essame
I want to be your friend and confide in you, I have in my possession
One-hundred-ten kilograms, gold of twenty-two carat
Left to me by my late mother, I want to ship to your country
To sell for investment, to pay my education
I write you purely on the ground of faith, because I don’t know you
And we have not met before, my mind convinced me I can trust you
Waiting to hear from you, Sincerely Miss Adab Essame
Bro, aren’t u aware
I recently received the email message below (quite formal for a blackmail threat) and a text attachment that would supposedly lead to a video of me performing a compromising physical act. I wasn’t too worried about this possibility, especially as I don’t have the required anatomy. I didn’t click on it, but I must admit, the text does demonstrate a certain poetic flair.
Bro, aren’t u aware
That if you pull ur sausage that hard,
You might tear it off?
It’s ridiculous
And at the same time lamentable
To see how an adult
Is such addicted to jerking.
Could u imagine what others may feel
As soon as they see ur addictions?
Perhaps, I would not have been able
To record a videoclip with u,
If u took a little care of ur safety.
References
https://en.wikipedia.org/wiki/History_of_email_spam
https://en.wikipedia.org/wiki/Phishing
https://en.wikipedia.org/wiki/Spam_(Monty_Python)
https://www.investopedia.com/terms/n/nigerianscam.asp