In just today's e-mail, I've received offers of "$8.500.000,00 (Eight million,Five hundred thousand United State dollars)" and similar garbage. Like most such spam, it includes a link that, were I to follow it, would lead to Windows malware. But I also received an e-mail informing me that a real law firm was suing me because I'd libeled someone in one of my recent stories. That got my attention. There was one problem: It wasn't real. It was a personalized spam message.
I didn't fall for it because I know how law firms work inside and out thanks to my lovely wife, and if someone were suing me, the first I'd hear of it wouldn't be via e-mail. Had I clicked on the link, which also looked real, the Web site would have tried to give me a case of Windows malware. Since I use a Linux system, the attempt did nothing but harmlessly bounce off my desktop.
Now, generic personalized spam is old news. You know the drill as well as I do. You get some trash message that uses your name, about cheap Viagra or some relative of a third-world dictator who wants to give you a wheelbarrow of cash. This was far more than that, though.
This spam didn't just use my name, it used one of my real stories as an example. My first thought was that it was someone who disliked me and decided to try to rattle my cage. It turns out it wasn't. I contacted the law firm from which the e-mail appeared to have come, and it turns out that someone had hacked their way into the firm's Microsoft Exchange e-mail servers and had used them to fire off a slew of spam messages to several thousand people.
I can't mention the firm's name because I'm helping them work out who did what to whom and someone is going to end up in real trouble with the law before we're done. Someone cracking a Microsoft Exchange server isn't news though. That happens all the time.
No, what surprised me is that we're just beginning to see a new wave of personalized spam. Think, for example, about how much information is already out there about you on the Internet. You've Googled your own name, I'm sure. Now think about what a sophisticated data mining program could do with that information. It could be, and it seems it now is being, used to power up spam that's customized just for you.
Google and the other search engines are the least of your problems, though. Consider, for example, how much information about you -- not some other guy or gal with your name, but you -- is available on Facebook. We already know that Facebook's privacy policies and security are, shall we say, weak. And, indeed, Facebook users, as a class, have already been targeted by spam attacks.
Soon, very soon, you may expect to see spam in your mailbox as well that sounds like it's a real message just for you because it mentions, say, that someone is suing you because your dog Chow-Chow bit a neighbor's kid at your real address. Will it be real or will it be malware? Sooner than you'd care to imagine, you're going to have to decide for yourself the difference between messages that are credible and ones that seek to damage your computer or defraud you.
Wonderful. Just wonderful.