I wrote about the “Dick’s Sporting Goods” Yeti cooler scam, why it has slipped past Google’s most sophisticated machine learning tools, and what it means for the future of email spam https://www.wired.com/story/email-scam-dicks-sporting-goods-yeti-cooler/
No, You Haven’t Won a Yeti Cooler From Dick’s Sporting Goods

The future of email spam utilizes a coding trick that evades the most sophisticated detection tools.

WIRED
@laurengoode this is such a great example of how the (relatively minor) technical details of implementation leak through & affect regular users. Most code libraries treat the URL fragment (the part after the #) as completely distinct from the rest of an address, but spammers are often not conventional coders, so they don’t have the same assumptions about how a computer scientist looks at this data type. The surface area of vulnerability arises because of the cultural difference.
@anildash @laurengoode great, so GMail is allowing spammers to run js in my emails? That’s reassuring 🤦🏼‍♂️
@swrobel @laurengoode I think in many cases the js is *technically* running in your browser when you click, which is why it’s being missed.
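An added example, not part of the thread or the WIRED article: it shows the fragment split discussed above. The request sent to a server never includes the part after the `#`, so a link scanner that keys on the fetched URL sees three different links as one, while a separate fragment check can still flag the odd one. The scanner, the threshold, the heuristics and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

MAX_FRAGMENT_LEN = 64  # assumed review threshold for this example, not a standard

def request_target(url: str) -> str:
    """What an HTTP client puts on the request line: path and query only.
    The fragment stays in the client and is never sent to the server."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target

def scan_key(url: str) -> str:
    """Key used by a hypothetical link scanner that drops the fragment."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc.lower()}{request_target(url)}"

def fragment_findings(url: str) -> list[str]:
    """Defender-side check: traits of the fragment that warrant a closer look."""
    fragment = urlsplit(url).fragment  # urlsplit returns it still percent-encoded
    findings = []
    if not fragment:
        return findings
    decoded = unquote(fragment)
    if decoded != fragment:
        findings.append("percent-encoded data in fragment")
    if "://" in decoded or decoded.startswith("//"):
        findings.append("fragment contains a URL")
    if len(fragment) > MAX_FRAGMENT_LEN:
        findings.append("unusually long fragment")
    return findings

# Constructed sample links (example.com and example.net are reserved names).
PLAIN = "https://example.com/promo?id=7"
ANCHOR = "https://example.com/promo?id=7#terms"
LOADED = "https://example.com/promo?id=7#https%3A%2F%2Fexample.net%2Fclaim"

if __name__ == "__main__":
    for link in (PLAIN, ANCHOR, LOADED):
        # Same scan key for all three; only the fragment check tells them apart.
        print(scan_key(link), fragment_findings(link))
```

An ordinary in-page anchor such as `#terms` produces no findings, so the check stays quiet on normal links.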