I was looking at porn at work in our open office the other day.
Not intentionally, mind you - I opened my work email’s junk mailbox to make sure nothing important had wound up in there, and was faced with a rear.
I get a lot of spam, so that’s not unusual. What is unusual is there was no clear end game to this: no links, no ads, no text, just a subtly worded email subject:
I forwarded to my company’s IT department, and deleted the message, and didn’t think about it again…until the next day when I got another one, then another one, then another - fresh smut, delivered daily. Now, I had to figure out what was going on. I opened up the message source, and found the spammer’s actual goal and why I wasn't seeing it:
Content-type: multipart/alternative;
boundary="===============4830201289248217484=="
Subject: The right time has come now!
[…more headers…]
--===============4830201289248217484==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
[…oddly worded filth, including a tinyurl link…]
--===============4830201289248217484==
Content-Type: image/jpg; filename="Olivia.jpg"
Content-Disposition: attachment; filename="Olivia.jpg"
X-Attachment-Id: 0
Content-ID: <0>
Content-Transfer-Encoding: base64
[base64 encoded *]
The spammer’s mail client marked the message as “multipart/alternative” instead of “multipart/mixed”, indicating a message with multiple representations of the same content - causing my mail client to pick only the section with the richest content.
I previewed the tinyurl link, removed the tracking slug, and visited the site.
Seems to be down now, but at the time it was a fake dating site, advertising dates that were…juicy.
I didn’t register, but from their terms and conditions, it seemed like a site where you pay to message (presumably fake) women, and was copyrighted by Meet Us Media, in Nicosia, Cyprus.
They are an “email marketing” company, who unfortunately did not take me up on my request for a marketing campaign when I reached out. Probably for the best, they don’t seem to know how to format their emails correctly.
Now this is where things get interesting…in second grade, we were assigned pen pals from a group of students our age in Cyprus, a wonderful exercise in cross-cultural communication. The teacher made it very clear to us that these were students on the Greek side, not the Turkish side and to not write anything implying otherwise. She had nothing to worry about, since we all just asked them what their favorite Pokémon were. They never responded.
I think about this a lot, and I always wonder what happened. Did one of the teachers think the letters were dumb and throw them out? Or did the kids all reply “Charizard, obviously” and the letters were lost at sea on the way to us. Anyway, one of these kids could have grown up to be the spammer.
Back to probable timelines - a Cypriot business registry lists some contacts for the company, one Μιχαλινα Κουππαρη as a director and secretary.
She appears to be a lawyer, and appears to have registered a few businesses. One of them was registered with another director, a Danish mobile game developer living in Thailand.
When I search his name, this photo comes up:
Him, and my great great great great great great grandboss. When was this photo taken? The day I got the first spam email.
This goes all the way to the top.