Legit Comments From Spammers?

Things used to be so simple.  If I got a comment that was in Russian, I would mark it as spam.  If I got a comment promising me “extra inches” or “wealth”, I would mark it as spam.  If I got a nonsensical comment, I would look at the URL and, sure enough, spammy link goes in the spam bin.  Truthfully, I’d rarely mark these as spam myself.  Akismet takes care of this for me most of the time.  You get the picture, though.

Recently, though, the line between spam and normal comment has blurred.  At first, it was valid comments that appeared to somehow hijack CommentLuv.  Upon further investigation, this turned out to be spammers copying previous comments and using them for their own comments.  (Replacing the links, of course, to be their own spammy links.)  That was annoying, but once I was on to their trick they couldn’t get by me.

Now, though, the spammers have me in a quandary.  And I’m not even sure it’s spammers I’m dealing with.  You see, I’ve recently had a few comments on my blog posts that are completely on topic (referencing specific themes of my post or my kids’ pseudonyms), use proper grammar and spelling, and are (as far as I can tell) 100% original.  No copying bits and pieces to form a Franken-comment here.  This wouldn’t be a problem except that the links given trigger my internal spam-alert sirens.

Is that comment really a valid one about my blog post even if the site linked to reeks of spam?  Should I allow it to remain on my blog?  Should I take it down?  Should I remove the URL so that the comment remains but the link doesn’t?  So far, I’ve been removing them entirely, but I’m afraid of removing a valid comment from someone whose URL just looks “different.”

Have you encountered comments like this?  If so, what did you do with them?

Aloha Friday: Spammers, Scrapers and Thieves, Oh My!

I had a great Aloha Friday question all lined up, but it’s going to have to wait. As I was headed home, I got a call from B. She searched Twitter for #DisneySMMoms and found a tweet from a user named EsterlDode titled "#DisneySMMoms 2010 – A Not-So-Impossible" followed by a URL. Now, she recognized this as the beginning of my latest DisneySMMoms post so she clicked the link wondering what she would get. She was greeted by my webpage. Except it wasn’t my webpage.

» Read more

CommentLuv and Spammers Redux

After my CommentLuv and Spammers post, I figured I was done with the topic. After all, I had figured out the spammers’ latest tactic and the CommentLuv authors had figured out a workaround. Alls well that ends well, right? Well, not quite. Turns out there’s a wrinkle to this story.

I should have seen this coming, to be honest. My initial spammer, who called himself “Bruce”, actually posted two comments. One had the hijacked CommentLuv link but the other didn’t. I felt this was odd but didn’t look into it. Then, a few days ago, I was looking through my spam posts, since valid comments sometimes get mistakenly marked as spam, and I found what looked like just another CommentLuv-hijacked spam comment. It was on my Aloha Friday: Happy B-Day JSL & Your Favorite Winnie the Pooh Character post.

The first interesting thing was that this spammer hijacked B’s CommentLuv link. At first, I chuckled over this as I know for a fact that B’s real name isn’t “Emily” (the spammer’s supposed name). As I was about to delete it, I stopped, though. Emily had written: “Eeyore since he is adorable in his positively pessimistic mannerisms ;)” Now that seemed awfully familiar. Almost like something B would write. So I looked back at B’s comment on my post and sure enough, it was the same. Emily had not just stolen B’s CommentLuv, she had stolen B’s entire comment! The CommentLuv link was just going along for the ride. (As an example of irony, a spammer named “Steve” stole the entire comment that Andy, the CommentLuv developer, left on my CommentLuv and Spammers post.) I looked back at Bruce’s previous comments (which I had kept in my Spam queue). Sure enough, they were lifted from other, real commenters.

So it looks like the spammers’ new method isn’t “lift the CommentLuv links”, but rather “pull some random comment from a post and use its text for your own comment.” The hope here (for the spammer) is that the author will see the text as being relevent to their post (which it is being from a real comment and all) and let the spam post through, thus allowing a link to the spammer’s website.

The good news is that Akismet seems able to catch these and send them into the Spam queue. All that bloggers need do is exercise a little caution when approving comments. Keep an eye out for spammers posing as legitimate commenters and you should be fine.

CommentLuv and Spammers

I’m a big fan of CommentLuv. It lets me reward my commenters with links back to their blogs. It also introduces me to blogs that I might not have otherwise stopped by (either due to a comment on my blog or a CommentLuv-enabled comment on someone else’s blog).

Not too long ago, B brought an issue to my attention. Apparently, a spammer tried to post to her blog. Akismet caught the spammer, but what worried her was the CommentLuv link. Despite filling out his URL, CommentLuv was showing a different, legitimate blogger’s CommentLuv link. We wondered how exactly he was able to pull this off and worried that it might mean the beginning of spammers abusing CommentLuv. A short while later, this same spammer tried to spam my blog with the same tactic. Again, Akismet caught it. Instead of deleting the spam like I usually do, however, I decided to hold onto it to examine it.

» Read more

In Trouble With THE F(ake)BI

While cleaning out my Yahoo inbox, I found this little gem:

Website: www.fbi.gov
Please note that the F.B.I will be in your door post in the next 7 working days for an interrogation about your involvement in attempt of illegal money transfer in your bank account. It was revealed to our team by the INTERPOL that you were involved in trying to conclude an international money transfer into your bank account without following the due process, thereby, indicating possible money laundering and terrorism sponsorship. Recall, you were asked by the Nigerian Central Bank governor to obtain the Diplomatic Seal Of Transfer {DIST} that will clear you of any involvement in this dastard act but you ignored that.
We advice that you contact us immediately as the money have been Stopped and is being held in our custody until you are able to provide us with a diplomatic immunity seal of transfer (dist) within 14 days from the Central Bank Nigeria that authorize the transfer from where the funds was transferred from to certify that the funds that you are about to receive from Nigeria are Anti-terrorist, Drug and  Money Laundering free.
To this regards, you are to re-assure and proof to us that the fund you are about to receive has nothing to do with Terrorist, Drug  and Money Laundering fund by sending to us the FBI Diplomatic Immunity Seal Of Transfer(DIST) to prove to us that the fund you are about to receive is legitimate. You are to forward the documents to us immediately if you have it in your possession. If you don’t have it, let us know so that we will direct and inform you where to obtain the document and send to us so that we will ask the bank holding the funds to go ahead and credit your account immediately.
However, if we receive a confirmatory message from the Anti Fraud Department of Nigeria Economic and Financial Crimes Commission that you have procured the document or paid part payment for the procurement of the Diplomatic Immunity Seal Of Transfer (DIST) document as directed by the F.B.I, your case will be discharged and acquitted. The choice is yours. Here is email address efcc_nig.org@hotmail.co.uk. Contact them now to ensure that you secure the {DIST} document.
Faithfully Yours
Mr. Robert S. Mueller

Does anyone really fall for this?  First off, I’m sure that were the FBI really investigating me, they wouldn’t send me an e-mail requesting documents.  Some nice men in suits would show up at my door (hopefully with a search warrant) and would either get me to hand over what they needed or would take it themselves.

Secondly, the "FBI" e-mail address is a Hotmail account?  From the UK?  I guess the FBI needs more funding to set up their own mail servers if they’re forced to use free e-mail accounts from other countries!

Sadly, I know that people do still fall for these kinds of scams.  The economics of the scam dictate that they will keep getting sent.  The scammers can pay $10-15 for a list of hundreds of millions of e-mail addresses.  Then they hijacked computers to send out their "Rich Nigerian Prince Has Died And Is Giving You His Money" scam letters.  They don’t pay much for bandwidth since the hijacked computers are doing all the work.  If they send out 100 million scam e-mails and only 1 hundredth of one percent of the people turn out to be suckers, that’s 10,000 people who will be sending them money.

You can see how their modest investment can turn into a financial windfall.  (I’ve often said that I could easily be rich if it weren’t for this pesky sense of morality.)  Unfortunately, since it remains a money making operation, we’re going to be forced to hit the Delete (or better, Report Spam) key on these e-mails for a long time to come.

1 2 3