Last week, we received a sample of personalized spam. The name of the recipient has been redacted — however, it is an accurate spelling of that person’s name.
It goes without saying that the recipient of the spam has no idea who “Tony” is.
So how did this happen? While the first thought might be spammers scraping names from Facebook or LinkedIn, this may very well have occurred by by scraping publicly-available alumni lists. There are a lot of open alumni lists out there, as this Google search shows. And, of course, Augstana college is one of those sites with an open alumni list.
We’ve seen more and more personalized spam attacks over the last several months, and it is a troubling trend. For obvious reasons, a finely targeted spam has a higher chance of being read and acted upon. And that’s one more reason for the urgent need for broad user education and ongoing improvements in security products. And when I say user education — I mean blast it out on mass media through Ad Council methods or what have you.