In the past I’ve often remarked that spammers must be stupid because they generally commit some silly, obvious error when forging an email. That all changed today…

This morning I received an email, ostensibly from Amazon, advertising Erotic Monday specials. I’m a pretty laissez-faire kind of guy but this seemed a bit over the top for me. I mean, I read my personal email on my personal machine at work, but I do use the company network and they monitor traffic to some degree. The last thing I need is to have to justify my personal computer usage because I much prefer to work on a mac to the extent possible.

All of this to say receiving this email put me over the edge. I decided to unsubscribe from Amazon’s friendly reminders about sales and specials. Having made the decision, I clicked the “unsubscribe” link only to be surprised when I landed on some purported Canadian pharmacy’s international shipping page. Thinking this to be exceptionally odd, I went back over the email’s source code.

Lo and behold, it’s a damn near perfect forgery. It copies Amazon’s layout, uses images off Amazon’s servers, it links to products in Amazon’s catalog. The only difference being that several key bits of hyperlink functionality run out to this spammer’s site instead of Amazon. This is how I would do spam if I were inclined to spam. Thankfully it was sales-oriented spam and not infection vector spam because I didn’t give it a second thought before clicking the unsubscribe link.

/me makes a mental note to mouseover all links in HTML email before clicking.