Franklin Veaux (tacit) wrote,

When big tech gets careless: Google Forms spam

So lately, I've seen a thing in my inbox. Well, I mean, I see a lot of things in my inbox, but this is an annoying thing: 419 scams inside Google Forms invites.

I'm getting a ton of these:

[Image: Google Forms spam]

In spam fighting communities, these are called "419 scams," from Section 419 of the Nigerian criminal code. Most of them originate from Nigeria, and they’re a form of scam called “advance fee fraud,” where the scammer promises to give you a lot of money if you just pay these fees (bank certification fees, wire transfer fees, blah blah blah whatever) in advance. You pay all the fees and then you get…nothing. That’s it. That’s the whole scam.

I’ve noticed an absolutely enormous uptick in 419 scam emails using Google Forms as well. In fact, I’ve spent the past few weeks collecting examples and figuring out what’s happening, and I think I have a handle on what’s going on.

419 scams are a large, bulk-market business. Maybe 1 person in 10,000 is dumb enough to fall for these scams. (Fun fact, the scammers use the slang term “maga” to refer to the dupes fooled by these scams; in a pidgin of English and Yorùbá often used by these scammers in Nigeria, “maga” means “fool.”) That means a 419 scammer has to send a lot of emails to succeed.

But spam filters, especially Bayesian filters, have become really, really good at detecting 419 scams. In fact, many spam filters actually have “probably 419” as one of their identifiers for spam email.

Enter Google.

Google lets people send emails for free using Gmail. However, Gmail mail gets passed through normal spam filters, which flag the bulk of 419 scams.

However, Google has a service where you can create a Google Form and then invite people to visit your Google Form. And for some reason I don’t understand, outgoing invitations from Google servers for a Google Form don’t pass through Google’s spam filters—don’t ask me why.

Furthermore, the Google Form header or HTML wrapper or something seems to prevent client-side or email-host-side spam filters from identifying the emails as 419 scams, too. Why? ¯\_ಠ_ಠ_/¯

For whatever reason, 419 scams that appear within the body of a Google Form invitation fly right past spam filters. As soon as the 419 scammers discovered this, they were all over it like flies on cowshit. At the moment, I’m receiving several of these emails an hour.

It started a few weeks ago and shows no sign of letting up. I’ve emailed Google’s abuse team multiple times about it but so far no reply.
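
One defender-side workaround for the gap described above, as an added example (not code from the original post): a mail-host rule that recognises a Google Forms notification, strips the HTML wrapper, and scores the visible text for advance-fee wording. The sender address, phrase list and threshold are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

# Assumption: address Google Forms mail arrives from; adjust to what you observe.
FORMS_SENDER = "forms-receipts-noreply@google.com"
# Constructed phrase list typical of advance-fee fraud, not a real filter's rules.
PHRASES = ("million dollars", "next of kin", "bank certification fee",
           "wire transfer fee", "beneficiary", "unclaimed fund")

class _Text(HTMLParser):
    """Collect visible text, skipping <style> and <script> content."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def visible_text(msg):
    """Lower-cased, whitespace-normalised text of the HTML (or plain) body."""
    part = msg.get_body(preferencelist=("html", "plain"))
    if part is None:
        return ""
    content = part.get_content()
    if part.get_content_type() == "text/html":
        parser = _Text()
        parser.feed(content)
        parser.close()
        content = " ".join(parser.chunks)
    return " ".join(content.lower().split())

def classify(raw, threshold=2):
    """Quarantine Forms mail whose unwrapped text matches enough 419 phrases."""
    msg = email.message_from_string(raw, policy=policy.default)
    # From is spoofable; a real rule would also require a passing DKIM result.
    from_forms = FORMS_SENDER in str(msg.get("From", "")).lower()
    hits = [p for p in PHRASES if p in visible_text(msg)]
    return {"from_forms": from_forms, "hits": hits,
            "quarantine": from_forms and len(hits) >= threshold}

# Constructed sample message: scam wording split across tags and odd whitespace.
SAMPLE = ("From: Google Forms <forms-receipts-noreply@google.com>\n"
          "Subject: Untitled form\nContent-Type: text/html; charset=utf-8\n\n"
          "<html><style>.x{}</style><body>You are the <b>beneficiary</b> of an\n"
          " unclaimed   fund. Pay the wire transfer fee first.</body></html>\n")
```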
Tags: computer security, spam