On the one hand, I think it's a bit unlikely that the reports to the USPTO and FTC from the spam/scam recipients will result in any quick action against the (alleged) bad actors in this case. But on the other hand, government agencies really don't like it when you pretend to be them or send fake "official" notifications on their behalf. The wheels of justice move slowly, but I imagine something will happen eventually.
I'm very curious about what email addresses and domains the scammers used. Could DMARC or better spam filtering have helped prevent delivery of that bad mail? Probably not, if I understood the article correctly. It sounds like the alerts were supposed from a "law firm" (the implication being that perhaps it was sent from a real/valid email address) and that perhaps it's more of a user education issue and not something spoofed in a technical sense. That's my best guess, anyway. It reminds us that DMARC is only half the battle. Keeping bad guys from using your domain is still a good thing, but it doesn't stop them from still sending from some other domain and pretending to be you in the content.
Hey, maybe it's a bit "inside baseball," but I find it pretty interesting to learn about spammers targeting patent applicants with scam emails, courtesy of Tim Lince from World Trademark Review.
On the one hand, I think it's a bit unlikely that the reports to the USPTO and FTC from the spam/scam recipients will result in any quick action against the (alleged) bad actors in this case. But on the other hand, government agencies really don't like it when you pretend to be them or send fake "official" notifications on their behalf. The wheels of justice move slowly, but I imagine something will happen eventually.
I'm very curious about what email addresses and domains the scammers used. Could DMARC or better spam filtering have helped prevent delivery of that bad mail? Probably not, if I understood the article correctly. It sounds like the alerts were supposed from a "law firm" (the implication being that perhaps it was sent from a real/valid email address) and that perhaps it's more of a user education issue and not something spoofed in a technical sense. That's my best guess, anyway. It reminds us that DMARC is only half the battle. Keeping bad guys from using your domain is still a good thing, but it doesn't stop them from still sending from some other domain and pretending to be you in the content.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.