Blue Security Gets Joe-Jobbed
For those of you that do not know, a “Joe Job” attack is a cyber security attack in which a company’s reputation is attacked by the use of spam. There are no firewalls or IDS systems that can protect against this type of attack, and it can end up costing the victim company quite a bit in lost revenue, status, reputation and market share.
The way it works is like this- If I were a hacker, and I wanted to take down a company’s reputation, I would forge an email to make it look like it originated from the victim company. In this case, let’s use “Johnny’s Urban Furniture” as the victim company. The email would appear to originate from Urban Furniture, and it would be sent to any available spammer list. the body of the email would inform everyone that due to unfortunate circumstances, your personal information, such as your social security number and phone number, and email address had been deliberately sold to a mass marketing company for the sum of 200 dollars. In return, all recipients of the email should be called by telemarketers, receive magazines, be visited by Mormons, etc., etc.
The Joe Jobber could even spice it up more by saying that these things will be charged automatically to the account that Urban Furniture has on record. The email should include a phone number for complaints, which would be really nasty if it was the call center of the company, or worse, if it was the Furniture Shop’s owner’s personal cell phone.
Most people will get this piece of spam and think that its trash. They had never heard of Urban Furniture and are confident that this is either a prank or a hoax. But some people, who have shopped at Urban Furniture, will be understandably outraged and will flood the call center with complaints. Others will vow to never shop there again, and others will be sure to never shop there the first time. The victim’s cost to recover from a successful Joe Job is quite high.
Blue Security is an Israeli email security company that actively attacks spammers and known spamming hosts to reduce the flood of spam on the Internet. A pissed-off spammer sent this email out in an effort to fool people into thinking that Blue Security suffered a compromise and leaked the entire customer list, which is not true:
Hey, You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com). You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally. How do you make it stop? Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity’s database, if you arent there.. you wont get this again. By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this. Just remember one thing when you read this, we didnt do this to you, BlueSecurity did. If BlueSecurity decides to play fair, we will do the same. Just remove yourself from BlueSecurity, and make it easier on you. Sergio Sheldon
If you are a Blue Security Customer and see this, consider it as just another spam, and be thankful that Blue Security is doing its job to infuriate spammers and make the net a better place. Thanks to ISC and NoticeBored.