There has been some spam going around for quite a while with an infected zip file attachment sent under the guise of being explicit photos found of you or your girlfriend. The email subjects and bodies had many variations, but were all pretty much the same. Some samples:
FW:Why did you put this photo online?
I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today… why did you put it online? wouldn’t it harm your job? what if parents see it? you must be way cooler than I thought about you man :))))
But I really need to ask you – is it you at this picture in attachment? I can’t tell you where I got this picture it doesn’t actually matter… The question is is it really you???.
I got to show you this picture in attachment. I can’t tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who’s that dude??.
The emails are somewhat casual, friendly, surprised, or impressed. But recently, these emails have tried a different tactic, fear and anger. Look at some of the new messages:
These pictures should be taken down immediately.
Sorry to disturb you …
Why did you have to put these photos online? All the hell is gonna break loose now don’t you understant? Take them down immediately! Don’t tell me you don’t know what photos I’m talking about! Check attachment!
This escalated to:
The criminal investigation agains you has started. Grave privacy violation is a serious thing.
Sorry to disturb you …
Why did you try to break into my FB??? This is the reply from FB support in attachment they idendified you as an attacker who tried to steal my password! Do you know that this is crime actually??
You’ll reap just what you sow! You’ll be really sorry about what you’ve done to me.
Hate to bother you …
Do you know who posted these photos online?? This is strange cause there’s your FB acc there. Why did you do it and how did you get my photos?? This is a crime actually do you know?? I put one photo in attachment. We have to clear this thing or else I’ll have to contact my lawer!
Other subject lines:
Let’s put this behind us once and for all I know you broke into my email.
The police investigation is under way now. You’ll be really sorry about what you have done.
How can you be so cruel to me? I’ll have to react and destroy you.
You can’t say I haven’t warned you now enjoy the consequences.
While it could be understandable that if written in anger, the email composition and grammar would be terrible, which is normally a giveaway for spam. But like most spam, these emails play off of curiosity, even if you know you’re not the one the attacker is looking for. Who wouldn’t want to see the picture that’s gotten the author so upset? The new tactic is to get the recipient in a defensive or worried state so they confirm that it really isn’t them involved in the fake incident.