ESET’s Righard Zwienenberg reports on the volume of spam emails he continues to receive from “conference/exhibition” scammers, even though COVID-19 has forced everything online. In February this year, as MWC 2020 was approaching, exhibitors and attendees started to show hesitation about joining.
Scammers who were looking to trick people into arranging accommodations on fake websites, phish their credit card data, and steal their money were left mostly empty-handed. Every big event since then has been canceled and held online instead, but some made that decision on short notice.
This created an opportunity for scammers to target presenters, exhibitors, organizers, and even visitors with spam emails. The messages they sent pretended that no cancelation or change had taken place and that the event was still scheduled to be held in physical form.
As R. Zwienenberg says, he received 95,890 spam emails concerning MWC alone. Of course, ESET’s researcher is a well-known and regular presenter, so he ranks high on the spammers’ lists, but this kind of spam is directed at a large number of people.
The same story played out for InfoSec World 2020, for which Zwienenberg was repeatedly offered inclusion in the attendee list.
InfoSec decided to hold the conference virtually on April 30, 2020, but scam emails were still arriving in the researcher’s inbox as late as May 25, 2020.
So, the question that arises is how the scammers get their hands on people’s valid email addresses. First, most people give this information away themselves, and there are many ways in which this can happen. Second, scammers can simply spam addresses and see which accounts receive the messages, essentially figuring out which recipients are valid.
The researcher gives the example of “out-of-office” status messages, which give away a lot more information than they should, with their authors not realizing what a blunder this is.
If you’re wondering about what the best response to a scammer’s email would be, the answer is to give no response at all. Even clicking on the unsubscribe button or replying with “opt-out” would confirm that the email address is active and monitored.
If you’re using Outlook, go to the software’s Options/Mail/Tracking, and disable the sending of a read receipt by setting it to “Never.” Remember, one email address database can be shared among many crooks, so confirming your validity in one instance results in receiving way more spam.
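The out-of-office and read-receipt advice above can also be enforced on the receiving side. The following is an added example, not code from ESET or the article: it inspects an inbound message for read-receipt request headers and applies the RFC 3834 rules for when an automatic reply must be withheld. The sample messages, addresses, and the "known senders only" policy are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Headers that ask the recipient's client to confirm the message was opened.
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To", "X-Confirm-Reading-To")

def assess(raw, my_address, known_senders):
    """Decide whether an inbound message may trigger an out-of-office reply."""
    msg = message_from_string(raw)
    receipt = [h for h in RECEIPT_HEADERS if msg.get(h)]
    reasons = []
    # RFC 3834: never auto-respond to automatic or bulk mail.
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        reasons.append("Auto-Submitted header")
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
        reasons.append("bulk Precedence header")
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        reasons.append("mailing-list headers")
    # RFC 3834: respond only when our address is explicitly in To or Cc.
    named = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if my_address.lower() not in named:
        reasons.append("not addressed to us directly")
    # Local policy (assumption): out-of-office replies go to known contacts only.
    if parseaddr(msg.get("From", ""))[1].lower() not in known_senders:
        reasons.append("unknown sender")
    return {"receipt_headers": receipt, "send_auto_reply": not reasons, "reasons": reasons}

# Constructed sample messages (not real traffic).
SPAM = (
    "From: Events Team <sales@attendee-lists.example>\n"
    "To: user@corp.example\n"
    "Subject: Attendee list available\n"
    "Precedence: bulk\n"
    "List-Unsubscribe: <mailto:optout@attendee-lists.example>\n"
    "Disposition-Notification-To: sales@attendee-lists.example\n"
    "\n"
    "Reply to receive the list.\n"
)
COLLEAGUE = (
    "From: Ana <ana@corp.example>\n"
    "To: user@corp.example\n"
    "Subject: Slides\n"
    "\n"
    "Draft attached.\n"
)
KNOWN = {"ana@corp.example"}

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("colleague", COLLEAGUE)):
        print(name, assess(raw, "user@corp.example", KNOWN))
```

A message that lists any receipt header is asking the client to confirm the mailbox is read, which is exactly the signal the article advises never to send.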