By continuing to use this site, you agree to our use of cookies. Find out more
Forum sponsored by:
Forum sponsored by Allendale Jan 24th

Mysterious Russian Emails

All Topics | Latest Posts

Search for:  in Thread Title in  
Andy Stopford25/10/2021 21:09:09
104 forum posts
16 photos

I've recently been receiving emails to my gmail account which are either content-less, or have a series of code group-like letters/numbers in the message body, e.g.

agpbq VBFCE 7 yfkt UCHEJX 01 fetd IADOO 33 zpqh NTCUJ 0

wwbo XAZWW 35 dhawr IWFAP 0 kxsx ATDGD 44 qnsf INNVDFL 8

or:

wpPXGCQXT jzTSFCNQO ujTDJNWBP hdEYLJDPT nnSFLYGKG arXUZAFVV

There is no subject, and each email has been sent to around 10 gmail addresses. The sender's name is always different - the first above was (apparently) sent by one Tommie Ribot, the second by a Liz Kindt.

All have an xhtml attachment, with a Russian file name.

Obviously, I had to find out what the attachment was, but I didn't really care to open it on a computer which was in everyday use. Therefore I dug out my Raspberry Pi3, connected to my gmail account, and downloaded the attachment.

Rather than running it immediately, I opened it in a text editor, which left me not really any wiser, except that it did indeed appear to be an .xhtml

OK, so the next thing was to actually run the thing in a browser.

My first attempt, using the Pi's default Chromium browser, crashed - which might have been an indication of something exciting happening, but it tends to do that with Chromium anyway. I re-tried it with the Midori browser, which seems to be more within the Pi's capabilities and it connected to a website:

russian_email.jpg

Aha! the mystery is solved (sort of). Its something to do with Bitcoin. Using Google Translate I find it promises I can make $2000 to $5000 a month using my smartphone automatically! Fantastic! It goes on to say:

We have posted for you a detailed review of the Bitcoin
BONUS working service! "Where can you earn your first
Bitcoin (worth more than 2,700,000) rubles using your
mobile phone !!" - We would like to say so, but in
practice it turned out less!

I'll bet it did.

Well, a somewhat tedious explanation in the end, but I'm left wondering what the mysterious code in the original emails is. Maybe they've given me a Bitcoin. I'd like to say so, but in practice I suspect it would turn out less.

JasonB26/10/2021 06:55:47
avatar
Moderator
21613 forum posts
2490 photos
1 articles

We get them a lot on the forum a spam posts I assume it is because a keyboard set up for Russian characters is being used it does not come out too well. The spam ones here are mostly just a series of ????? with a link to whatever they are flogging somewhere in the text.

SillyOldDuffer26/10/2021 13:01:03
Moderator
7675 forum posts
1693 photos

Possibly the code-like characters are to get past Spam filters and entice humans.

As empty content is a little suspicious and might get an email blocked, they may be putting random characters into the text to fool the machine.

More. One way of detecting spam is to score suspicious words in the text, sending email to the spam folder whenever some total is exceeded. Spam word examples: dollars, prize, earn, guaranteed, promise, free, bonus, money, extra, promotion, deal, special etc, and phrases like 'once in a lifetime'.

Reading random characters, a computer spam filter won't find any words that add to the spam score, and the weirdness might intrigue a human enough to follow the link.

Dave

blowlamp26/10/2021 13:20:22
avatar
1527 forum posts
98 photos

Ignore the email, but take the hint to get some bitcoin while you can for under $63,000 US!

Martin.

Howard Lewis26/10/2021 21:41:40
5528 forum posts
13 photos

My advice would be to avoid like the plague.

Delete, and then delete from the Trash box.

Some of these "Become a millionaire in a month" sites are there to tempt the greedy and unwary.

Some of the obvious scam messages received have had Russian suffixes. ALWAYS, in my view, dodgy.

Howard

Tim Stevens27/10/2021 17:24:55
avatar
1490 forum posts

They might not be random letters. There are several systems in use for turning letters and numbers into digital messages. So, your message may have set off in Russian or at least Cyrillic (to match the picture text) but was not understood by your computer - which did its best but produced garbage.
Some words in this system you are reading now come out in odd characters - especially for punctuation, fractions, etc.

Cheers, Tim

Andy Stopford27/10/2021 20:29:36
104 forum posts
16 photos

It certainly seems plausible that this is an attempt to render Cyrillic unicode (or whatever) as Roman letters, though it doesn't explain how some of the messages, such as the second one above) are divided into blocks of equal numbers of letters; of course that might be some normally-under-the-bonnet aspect of the implementation manifesting itself.

Dave suggested:

"Reading random characters, a computer spam filter won't find any words that add to the spam score, and the weirdness might intrigue a human enough to follow the link."

Maybe - it worked for me!

Howard - that's kind of the point. I was expecting an ingenious scam, and ended up with junk mail trying to sell me something I don't want. Mind you, after reading Martin's post, I checked the current Rouble price of Bitcoin. Very interesting, tovarishch.

Chris Mate27/10/2021 21:00:00
24 forum posts

Hi, I saw this type of a thing since 1 oct 2021 for the 1st time, it seems from the same source but the email adress keeps on changing as I block them. Then at 2 weeks in it stopped coming, now just a few now and then..

vwxhw2fB435K5E-2QlRDXBBA241OiW@2QlRDXBBA241OiW.wXP4bGK4Jb.XX.YY

What is this=The whole part before .XX.YY keeps changing.

SillyOldDuffer28/10/2021 11:22:22
Moderator
7675 forum posts
1693 photos
Posted by Chris Mate on 27/10/2021 21:00:00:

Hi, I saw this type of a thing since 1 oct 2021 for the 1st time, it seems from the same source but the email adress keeps on changing as I block them. Then at 2 weeks in it stopped coming, now just a few now and then..

vwxhw2fB435K5E-2QlRDXBBA241OiW@2QlRDXBBA241OiW.wXP4bGK4Jb.XX.YY

What is this=The whole part before .XX.YY keeps changing.

You and I can't easily change our sender addresses, but it's trivial for an expert to set up an email server that can, or to write a special client. So the senders address on an email can be whatever the sender wants it to be. As there's no central directory of valid email addresses that can be checked the fake address only needs to be in the correct format, viz: name@domain

When the sting is an internet link, the bad-guys change the sender address to avoid blacklists. But they have to use a real email address when the scam involves replying to the email.

Computer security is analogous to what house-breakers do. They check the street out for secluded houses with no alarm and a reasonable escape route. Empty houses are preferred because occupants and dogs are mean trouble. Open windows and keys hidden in flower pots etc. are helpful. Wooden frames and older double glazing units are easier to penetrate than modern. If the front is too public, try the back and exploit anything the owner has left lying about: garden forks and spades are handy. All these methods have a computer equivalent.

It's not dead easy to hack a computer or fool the owner though. Quite difficult to craft a completely convincing fake email and reading them carefully is usually enough to spot a wrong 'un. However, they rely on coincidence: if you happen to be sorting out a problem with Amazon, your Bank, HRMC or Pharmacy and an apparently related email arrives you might well fall for it. As millions of fake emails can be sent very cheaply, it's only necessary for criminals to catch a tiny percentage off guard to make a profit. About a third of UK crime by value is fraud. Be alert! (Britain needs Lerts.)

Dave

Edited By SillyOldDuffer on 28/10/2021 11:24:51

larry phelan 129/10/2021 17:22:03
1113 forum posts
14 photos

IVAN is vaching you !!!

Bill Dawes01/11/2021 18:41:27
493 forum posts

Get loads of these at work (yes 79 years old and still working) sometime ago there were a lot of what looked like random extracts from medical research reports.

Bill D.

All Topics | Latest Posts

Please login to post a reply.

Magazine Locator

Want the latest issue of Model Engineer or Model Engineers' Workshop? Use our magazine locator links to find your nearest stockist!

Find Model Engineer & Model Engineers' Workshop

Latest Forum Posts
Support Our Partners
rapid Direct
emcomachinetools
walker midge
cowells
Warco
JD Metals
Eccentric July 5 2018
Eccentric Engineering
Subscription Offer

Latest "Wanted" Ads
Get In Touch!

Do you want to contact the Model Engineer and Model Engineers' Workshop team?

You can contact us by phone, mail or email about the magazines including becoming a contributor, submitting reader's letters or making queries about articles. You can also get in touch about this website, advertising or other general issues.

Click THIS LINK for full contact details.

For subscription issues please see THIS LINK.

Digital Back Issues

Social Media online

'Like' us on Facebook
Follow us on Facebook

Follow us on Twitter
 Twitter Logo

Pin us on Pinterest