Spam Baiters, Vigilantes and the Net

Some recent developments on the Internet caught my fancy and I am seeing a common thread. Call this a straw-in-the-wind column.

The first item comes courtesy of the infamous Nigerian scam. Many e-mail users regularly receive messages, marked urgent and confidential, telling of someone in Nigeria who has access to millions of dollars in a bank account. If you will help them get the money out of the country, you will get a big share.

The goal is to get the sucker to pay thousands of dollars up front for taxes and fees before the scammer disappears. It is amazing that a scheme like this works, but it is hard to overestimate people’s greed and stupidity.

The scam is not the real story here. It’s just the classic con man’s pigeon drop translated to the Internet. What’s notable is the Internet response. Some people decided to turn the game around on the scammers. They respond to the scam and look interested. They engage the crooks in lengthy e-mail messages designed to waste time and divert attention. Some “scam baiters” even post the correspondence on Web sites for amusement.

The second item derives from the increasing volume of fraud on eBay, the leading Internet auction site. Auction fraud is a growth business. Fraudsters have become highly sophisticated, going well beyond basic non-delivery of goods.

Concern over non-delivery led to the establishment of third-party escrow services to ensure that both seller and buyer fulfill their obligations. However, some fraudsters simply steer buyers to affiliated escrow services, who then abscond with the funds. Other new tactics include copying auction listings of other sellers and assuming the identity of sellers with good reputations.

Auction fraud has generated another interesting Net response. We now have “auction vigilantes.” They look for fraudulent listings and sellers to report to the auction police. That doesn’t always work, so some try other tactics. They enter phony bids to discourage others from bidding. They bid under names like “don’t bid dummy” to give hints.

What we have here is another homegrown Internet response to fraudulent activities. Those who are so inclined can have fun and engage in a public interest activity that seeks to prevent or deter fraud. Best of all, they can do it all in the comfort and safety of their homes. Some auction vigilantism may be questionable, but it seems unlikely that true fraudsters will complain or file lawsuits.

In principle at least, it wouldn’t take too many of these anti-fraud activists to put a dent into fraud schemes. It might even rise to the level of self-regulatory rough justice, Internet style. Reserve judgment on that for a minute, however.

The third example involves the most universally hated class of people on the Internet, spammers. Want a measure of how much spammers are disliked? I Googled the phrase “death to spammers” and found more than 140 hits. By contrast, “death to Osama” found only 79 hits. I am not sure what that proves, but it is interesting.

Again, we have an interesting response from spam haters. The starting point is finding a spammer’s home address. With all of the personal information floating around the Internet and commercial data companies, this may not be difficult.

The rest is easy. They sign up the spammer for every snail mail catalog, mailing list and other free snail mail service. Then the post office delivers enormous quantities of unwanted mail to the spammer’s home. According to one report, a targeted spammer received hundreds of pounds of snail mail a day. Some view this as making the punishment fit the crime.

Don’t think that burying someone in snail mail is just a one-time casual prank. You can find carefully written papers describing how to automate Internet-based snail mail bombing activities and how catalog companies can alter their Web sites to avoid automated requests. If you want to learn more, start with the April 15, 2003, edition of Crypto-Gram, a publication of Counterpane Internet Security Inc. The author, Bruce Schneier, is one of the few computer security specialists I know who makes sense. Go to

Those of you who mail catalogs for a living are presumably not so amused here. As with any type of vigilantism, Internet vigilantes may engage in inappropriate, excessive, poorly targeted or illegal activities. Their actions can shift costs onto a class of innocent bystanders.

What is the take-home message here? One is that the Internet is a two-way street. Customers no longer are passive creatures who accept every intrusion thrust upon them without response. The Internet offers a facility for fighting back. Responsible companies that treat customers well shouldn’t have to worry, but they can be caught in the backwash anyway.

Another message is that the Internet isn’t a friendly, inviting place where we can communicate, do business and make money easily. The Net is just another part of the real world.

Related Posts