April 06, 2010, 6:44 PM — In just today's e-mail, I've received offers of "$8.500.000,00 (Eight million,Five hundred thousand United State dollars)" and similar garbage. Like most such spam it includes a link that, were I to follow it, leads to Windows malware. But, I also received an e-mail informing me that a real law firm was suing me because I'd libeled someone in one of my recent stories. That got my attention. There was one problem: It wasn't real. It was a personalized spam message.
I didn't fall for it because I know how law firms work inside and out thanks to my lovely wife, and if someone were suing me, the first I'd hear of it wouldn't be via e-mail. Had I clicked on the link, which also looked real, the Web site would have tried to give me a case of Windows malware. Since I use a Linux system, the attempt did nothing but harmlessly bounce off my desktop.
Now, generic personalized spam is old news. You know the drill as well as I do. You get some trash message about cheap Viagra or some relative of a third-world dictator wants to give you a wheel-barrow of cash that uses your name. This was far more than that though.
This spam didn't just use my name, it used one of my real stories as an example. My first thought was that it was someone who disliked me and decided to try to rattle my cage. It turns out it wasn't. I contacted the law-firm, from which the e-mail appeared to have come from, and it turns out that someone had hacked their way into the firm's Microsoft Exchange e-mail servers and had used it to fire off a slew of spam messages to several thousand people.
I can't mention the firm's name because I'm helping them work out who did what to whom and someone is going to end up in real trouble with the law before we're done. Someone cracking a Microsoft Exchange server isn't news though. That happens all the time.
No, what surprised me is that we're just beginning to see a new wave of personalized spam. Think, for example, about how much information is already out there about you on the Internet. You've Googled your own name I'm sure. Now think about what a sophisticated data mining program could do with that information? It could, and it seems now it is, be used to power up spam that's customized just for you.
Google and the other search engines are the least of your problems though. Consider, for example, how much information about you -- not some other guy or gal with your name, but you -- that's available on Facebook.