Mysterious Russian Emails

I've recently been receiving emails to my gmail account which are either content-less, or have a series of code group-like letters/numbers in the message body, e.g.

agpbq VBFCE 7 yfkt UCHEJX 01 fetd IADOO 33 zpqh NTCUJ 0

wwbo XAZWW 35 dhawr IWFAP 0 kxsx ATDGD 44 qnsf INNVDFL 8

or:

wpPXGCQXT jzTSFCNQO ujTDJNWBP hdEYLJDPT nnSFLYGKG arXUZAFVV

There is no subject, and each email has been sent to around 10 gmail addresses. The sender's name is always different - the first above was (apparently) sent by one Tommie Ribot, the second by a Liz Kindt.

All have an xhtml attachment, with a Russian file name.

Obviously, I had to find out what the attachment was, but I didn't really care to open it on a computer which was in everyday use. Therefore I dug out my Raspberry Pi3, connected to my gmail account, and downloaded the attachment.

Rather than running it immediately, I opened it in a text editor, which left me not really any wiser, except that it did indeed appear to be an .xhtml

OK, so the next thing was to actually run the thing in a browser.

My first attempt, using the Pi's default Chromium browser, crashed - which might have been an indication of something exciting happening, but it tends to do that with Chromium anyway. I re-tried it with the Midori browser, which seems to be more within the Pi's capabilities and it connected to a website:

Aha! the mystery is solved (sort of). Its something to do with Bitcoin. Using Google Translate I find it promises I can make $2000 to $5000 a month using my smartphone automatically! Fantastic! It goes on to say:

We have posted for you a detailed review of the Bitcoin
BONUS working service! "Where can you earn your first
Bitcoin (worth more than 2,700,000) rubles using your
mobile phone !!" - We would like to say so, but in
practice it turned out less!

I'll bet it did.

Well, a somewhat tedious explanation in the end, but I'm left wondering what the mysterious code in the original emails is. Maybe they've given me a Bitcoin. I'd like to say so, but in practice I suspect it would turn out less.

We get them a lot on the forum a spam posts I assume it is because a keyboard set up for Russian characters is being used it does not come out too well. The spam ones here are mostly just a series of ????? with a link to whatever they are flogging somewhere in the text.

Possibly the code-like characters are to get past Spam filters and entice humans.

As empty content is a little suspicious and might get an email blocked, they may be putting random characters into the text to fool the machine.

More. One way of detecting spam is to score suspicious words in the text, sending email to the spam folder whenever some total is exceeded. Spam word examples: dollars, prize, earn, guaranteed, promise, free, bonus, money, extra, promotion, deal, special etc, and phrases like 'once in a lifetime'.

Reading random characters, a computer spam filter won't find any words that add to the spam score, and the weirdness might intrigue a human enough to follow the link.

Dave

Ignore the email, but take the hint to get some bitcoin while you can for under $63,000 US!

Martin.

My advice would be to avoid like the plague.

Delete, and then delete from the Trash box.

Some of these "Become a millionaire in a month" sites are there to tempt the greedy and unwary.

Some of the obvious scam messages received have had Russian suffixes. ALWAYS, in my view, dodgy.

Howard

They might not be random letters. There are several systems in use for turning letters and numbers into digital messages. So, your message may have set off in Russian or at least Cyrillic (to match the picture text) but was not understood by your computer - which did its best but produced garbage.
Some words in this system you are reading now come out in odd characters - especially for punctuation, fractions, etc.

Cheers, Tim

It certainly seems plausible that this is an attempt to render Cyrillic unicode (or whatever) as Roman letters, though it doesn't explain how some of the messages, such as the second one above) are divided into blocks of equal numbers of letters; of course that might be some normally-under-the-bonnet aspect of the implementation manifesting itself.

Dave suggested:

"Reading random characters, a computer spam filter won't find any words that add to the spam score, and the weirdness might intrigue a human enough to follow the link."

Maybe - it worked for me!

Howard - that's kind of the point. I was expecting an ingenious scam, and ended up with junk mail trying to sell me something I don't want. Mind you, after reading Martin's post, I checked the current Rouble price of Bitcoin. Very interesting, tovarishch.

Hi, I saw this type of a thing since 1 oct 2021 for the 1st time, it seems from the same source but the email adress keeps on changing as I block them. Then at 2 weeks in it stopped coming, now just a few now and then..

[email protected]

What is this=The whole part before .XX.YY keeps changing.

You and I can't easily change our sender addresses, but it's trivial for an expert to set up an email server that can, or to write a special client. So the senders address on an email can be whatever the sender wants it to be. As there's no central directory of valid email addresses that can be checked the fake address only needs to be in the correct format, viz: name@domain

When the sting is an internet link, the bad-guys change the sender address to avoid blacklists. But they have to use a real email address when the scam involves replying to the email.

Computer security is analogous to what house-breakers do. They check the street out for secluded houses with no alarm and a reasonable escape route. Empty houses are preferred because occupants and dogs are mean trouble. Open windows and keys hidden in flower pots etc. are helpful. Wooden frames and older double glazing units are easier to penetrate than modern. If the front is too public, try the back and exploit anything the owner has left lying about: garden forks and spades are handy. All these methods have a computer equivalent.

It's not dead easy to hack a computer or fool the owner though. Quite difficult to craft a completely convincing fake email and reading them carefully is usually enough to spot a wrong 'un. However, they rely on coincidence: if you happen to be sorting out a problem with Amazon, your Bank, HRMC or Pharmacy and an apparently related email arrives you might well fall for it. As millions of fake emails can be sent very cheaply, it's only necessary for criminals to catch a tiny percentage off guard to make a profit. About a third of UK crime by value is fraud. Be alert! (Britain needs Lerts.)

Dave

Edited By SillyOldDuffer on 28/10/2021 11:24:51

IVAN is vaching you !!!

Get loads of these at work (yes 79 years old and still working) sometime ago there were a lot of what looked like random extracts from medical research reports.

Bill D.