I’ve started getting a few “419 scam” messages using the “email this cartoon” feature of the Dilbert web site as a vector. The 419 scam, also called the Nigerian scam, is that form of advance-fee fraud we see in email so much, where someone sends you a message claiming that he’s the son of the deposed Nigerian president, or some such, and promising free money if you will only help.
The Dilbert web site needs no introduction, I’m sure. Below the day’s Dilbert cartoon is a convenient “Email” button.
Now, the thing about the button is that it pops up a nice, convenient mini-window in your browser, and the window has fields for the sender’s name, your name and email address, and a “personal message”. You fill those in, you press “Send”, it sends the email... and then you can press a button to send another. If you do that, it retains what you put into all three fields. And there’s no CAPTCHA.
You can see how easy it would be to use this to send a boatload of identical messages. Once you get started, it’s a sequence of clicking “again”, pasting another email address into the destination, and clicking “send”. The scammers have seen that, too, obviously: I got one yesterday that looked something like this:
Subject: The Good Lord Loves You is sending you some Dilbert!
Your friend The Good Lord Loves You wanted us to send you this from Dilbert.com.
Message from The Good Lord Loves You:
[419-scam message goes here, something about a church and orphans and whatnot. And money; a lot of money.]
[Image of Dilbert cartoon goes here.]
Sigh. Leave it to the fraudsters to ruin “email” links for the rest of us.
On the other hand, as I tell all my friends: if you want to send someone a pointer to a web page... copy and paste the URL, and send them that. The email message comes from you, you can put your own personalization on it, and you haven’t given your friend’s email address to the web site.
Repeating that last point: please don’t give random web sites your friends’ email addresses. It’s not hard to send the email yourself.