ScalziEvery once in a while I look at spam email and think, "shit, I could do this *so much better*," but then I remember that their errors and nonsense are a feature, not a bug, in that someone who will look at that nonsense and still engage with it is more likely to fork over access to their bank accounts than someone who needs to be fooled with more sophisticated methods
Kevin Patrick Doyle 🍅🥫@scalzi I smell a novel
Ronsboy67@scalzi 90%+ of my spam are reminders to renew my driver's licence (I've never had one) or telling me that my iCloud is full (I've never owned any Apple product) So my phishing avoidance skills have yet to be tested.
Dave Dawkins (D. Harrigon)@scalzi Oh, you mean like those very convincing with letterhead emails professing to be from publishers and asking authors to hand over cash for reviews and such?
Shawn in Montreal@scalzi I've often wondered about that. I agree, it's the best explanation for the obvious misspellings, etc...
Paper Clip@scalzi I can't find the paper now, but Microsoft Research once called that error-ridden spam as a "reverse pons asinorum".
A pons asinorum is metaphorically a demonstration that a student is ready for more advanced work (Euclid's Fifth Proof). Error-filled spam reverses this idea, showing who is most gullible and easily fooled.
The Microsoft paper notes that scammers face costs and must expend effort. Best to use the spam to weed out those who won't be fooled and target the easy marks.
ijwI knew about the mechanism but thank you for putting a term to it.
Actual use for LLMs: to massively respond with pretend interest to spammers, increasing their vetting costs a thousand fold, rendering their business no longer viable
@bulletsweetp @scalzi If LLMs can be used that way, scammers would also use them to reduce their costs to pull people into the con.
At some point, we'd just get LLMs trying to con each other.
mhoye@paper_clip @scalzi The paper is here:
Why Do Nigerian Scammers Say They are From Nigeria? - Microsoft Research
False positives cause many promising detection technologies to be unworkable in practice. Attackers, we show, face this problem too. In deciding who to attack true positives are targets successfully attacked, while false positives are those that are attacked but yield nothing. This allows us to view the attacker’s problem as a binary classification, and use […]
Anima@scalzi [spam] is clumsy and random, [spear phishing] is a more elegant weapon for the civilized criminal.
rat (mibioctet)@scalzi oh my god, that makes so much sense. I've never been able to figure out why spam emails are so bad
lagaya@scalzi Yes, but the ones that are not so easily fooled are probably the ones who still have most of their money. You might want a piece of that pie instead. Plus you do have the skills, so...
Nuclear Oatmeal 
@scalzi please subscribe to our Kaiju of the month club for a low annual price of .05 BTC...
baloo@scalzi and your bank will usually send you a link to goes to a 404.
Colin Rosenthal ✡️🕎 ❤️🇮🇱❤️ 🕎✡️@scalzi Fb is also full of clickbait with weird misspellings - presumably designed to drive engagement. “Why ‘Smoke On The Walter’ is Deep Purple’s Best Song” etc.