Wednesday, September 28, 2011

Phony auto-replies are latest spamming trick

NEW YORK — If you’re prone to mistyping email addresses, here’s a new thing to worry about: you could be a target for spammers trying to sell you a dream vacation or a diet product by pretending to be one of your friends or colleagues.

In a clever twist on spam, some websites with names that are confusingly similar to legitimate sites have been set up to reply to any mail sent to them. The responses are framed as out-of-office replies but sneak in mentions of a new product or service you should try.

How it works

Here’s a real-life example: An Associated Press reporter accidentally sent a message to a “verizonwireless.co” address instead of the proper “.com” and got this response, ostensibly from his contact “tom”:

“I am out of office right now on a my (sic) dream vacation and will get back to you when I return. If you don’t hear from me, my assistant should contact you shortly. You should check this site to see how I scored the best travel deal for my trip.”

That’s followed by a link to a site that advertises luxury resorts. Presumably, the owner of verizonwireless.co makes money when someone clicks through to any of the resort sites.

Only a handful of sites were set up to produce the autoreplies tracked by the AP, and they stopped after the AP’s inquiries. But there are hundreds of thousands of sites out there that could be set up to reply to Mr. and Mrs. Butterfingers, with names that are slight variations of major sites — like “yaoo” instead of “yahoo.” They’ve been registered by so-called “typo-squatters,” whose goal is to make money from advertising as people accidentally visit the sites after mistyping an address in their Web browser.

If more typo-squatting sites start autoreplying, that could be a particular problem for Internet mailing lists. If a participant mistypes his or her address when joining a mailing list, every message to the list could get a response from a typo-squatter. This infestation is already apparent on a few Internet mailing lists, including one about Django, a free software package, and one for Communist University, a group based in Johannesburg, South Africa.
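As an added example (not code from the article or any company it names), here is the kind of check a mail client or a mailing-list subscription form could run before accepting an address: it flags a recipient domain that is one edit away from a known-good domain, whether the slip is in the name (“yaoo” for “yahoo”) or in the suffix (“.co” for “.com”). The known-domain list and the sample addresses are constructed for the demo.

```python
"""Flag recipient addresses whose domain is a near miss of a known-good domain.
Added defensive example; KNOWN_DOMAINS and the sample addresses are constructed."""

KNOWN_DOMAINS = ["verizonwireless.com", "yahoo.com", "facebook.com", "google.com"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character insertions, deletions
    or substitutions that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def typo_suspect(address: str, known=KNOWN_DOMAINS, max_dist: int = 1):
    """Return (suspect_domain, closest_known_domain) when the address's domain
    is within max_dist edits of a known domain but is not that domain, else
    None. Both the whole domain ("verizonwireless.co" vs "verizonwireless.com")
    and the leading label ("yaoo" vs "yahoo") are compared, so a typo in either
    the name or the TLD is caught."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in known:
        return None
    label = domain.split(".", 1)[0]
    best = None
    for good in known:
        good_label = good.split(".", 1)[0]
        d = min(edit_distance(domain, good), edit_distance(label, good_label))
        if d <= max_dist and (best is None or d < best[0]):
            best = (d, good)
    return (domain, best[1]) if best else None


def screen(recipients):
    """Screen a list of recipients; returns [(address, closest_known), ...]."""
    return [(r, hit[1]) for r in recipients if (hit := typo_suspect(r))]


if __name__ == "__main__":
    # Constructed sample recipients, modelled on the mix-ups described above.
    for addr, near in screen(["tom@verizonwireless.co", "ann@yaoo.es",
                              "bob@verizonwireless.com", "x@example.org"]):
        print(f"{addr}: looks like a typo of {near}")
```

A list manager could run the same check on each new subscription request and ask the subscriber to confirm a flagged address before the list starts mailing it.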

Going after them

Tom Pica, a spokesman for Verizon Wireless, said the company’s legal department is looking at the matter and intends to pursue the owner of “verizonwireless.co.” Patrick Flaherty, a lawyer for Verizon, said the company will probably try to seize the domain name through legal action.

It’s unclear who owns verizonwireless.co and the page with the links. Their address registration data is masked.

Verizon Communications Inc., which controls Verizon Wireless, has gone after typo-squatters before. In 2008 it won a $33.1 million judgment against OnlineNIC, a San Francisco-based company that according to Verizon had registered 663 domain names like “myverizionwireless.com.”

The phone number given in the spam messages goes to the online fax account of a real-estate broker in Honolulu. She said she first learned the number was included in the spam when asked by an AP reporter.

The mailing address in the spam goes to an apartment building in Encino, Calif. The messages don’t include an apartment number.

Internet searches revealed that at least two other typo-squatting sites have produced autoreplies: yaoo.es and livingdeadolls.com. One response from the latter site said “I’m on sick leave because of some news from my Dr., please check out this diet product he recommended.”

According to registration data, yaoo.es is owned by Tomasz Kurlenko of Poland. Reached by phone, Kurlenko said he had no control over the site, which like the other two sites is managed by Bodis.com.

Bodis.com is a “domain parking service” that manages sites for owners. It puts up ads on the sites and gives owners a share of advertising revenue if surfers stumble onto them.

Unhappy

The company is run by Matt Wegrzyn of New York. Reached by phone, he said the autoreply service is provided by AdMedia, a Los Angeles-based company.

Wegrzyn said he wasn’t happy with the money the service provided, and that he was considering shutting down autoreplies for Bodis sites. The sites stopped autoreplying to messages after the AP reached him.

AdMedia didn’t reply to a request for comment.

Tyler Moore, a fellow at Harvard University, and Benjamin Edelman, an assistant professor at the Harvard Business School, estimated last year that nearly 1 million typo-squatting domains, like faceboop.com, gootle.com and wamlart.com, shadow the top 3,264 dot-com sites. That’s almost 300 typo sites for every legit one.

Not surprising

Moore said he had never heard of typo-squatters sending fake out-of-office replies, but said it makes sense for them.

“Since squatters have already registered the domain, they quite cleverly are converting any human interaction with the domain into an advertising opportunity,” he said.

Unwanted out-of-office spam isn’t the only reason to be careful about typing email addresses. A small security firm recently reported setting up 30 Web addresses, with names similar to those of major corporations, and saving every email that came in over six months.

The firm, Godai Group, ended up with 120,000 emails, with contents that included trade secrets and network usernames and passwords.