This article needs additional citations for verification. (August 2020) |
A Joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early Joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also email spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages and to trick recipients into opening emails apparently coming from a trusted source.
Origin and motivation
editThe name "Joe job" originated from such a spam attack on Joe Doll, webmaster of joes.com, in early 1997.[1] One user's joes.com account was removed because of advertising through spam. In retaliation, the user sent new spam with headers forged to make it appear that Joe Doll was responsible. Besides prompting angry replies, it also caused joes.com to fall prey to denial-of-service attacks, from anti-spam vigilantes who thought he had sent the mail, which temporarily took the site down.[2]
Some e-mail Joe jobs are acts of revenge like the original, whether by individuals or by organizations that also use spam for other purposes. Spammers use the technique to cycle through domains and to try to get around spam filters and blocks.
Joe-jobbers could also be businesses trying to defame a competitor or a spammer trying to harm the reputation of an anti-spam group or filtering service. Joe job attacks in other media are often motivated politically or through personal enmity.
Form
editJoe jobs usually look like normal spam, although they might also disguise themselves as other types of scams or even as legitimate (but misdirected) messages.
Joe jobbing (or "joeing") can take different forms, but most incidents involve either e-mail or Usenet. They are sometimes seen on instant messaging systems as well. In general, joe jobbing is seen only on messaging systems with weak or no sender authentication, or where most users will assume the purported sender to be the actual one.
If the Joe-jobber is imitating a normal spam, it will simply advertise the victim's product, business or website. It may also claim that the victim is selling illegal or offensive items such as illegal drugs, automatic weapons or child pornography to increase the likelihood that the recipient will take action against the victim.
When imitating a scam, such as a Nigerian scam, or phishing scheme, the e-mail will still feature links to the victim's website or include contact information. In these instances, the joe-jobber is hoping that the recipient will notice the e-mail is fake, but mistakenly think the victim is behind the "scam".
When imitating a legitimate e-mail, the joe job will usually pose as an order confirmation. These "confirmations" may ask for credit card information, in which event the attack differs from phishing only in intent, not methodology, or simply imply that the recipient has already bought something from the store (leading the recipient to fear their credit card has already been charged). Like the "normal spam" jobs, these e-mails will often mention illegal activities to incite the recipient to angry e-mails and legal threats.
Another joe-job variation is an e-mail claiming that the victim offers a "spam friendly" web host or e-mail server in the hope of further inciting action against the victim by anti-spam activists.
Function
editJoe jobs often intend to capitalize on general hatred for spam. They usually forge "from" addresses and email headers so that angry replies are directed to the victim. Some joe job attacks adopt deliberately inflammatory viewpoints, intending to deceive the recipient into believing they were sent by the victim. Joe job victims may lose website hosting or network connectivity due to complaints to their Internet service providers, and even face increased bandwidth costs (or server overload) due to increased website traffic. The victim may also find their email blacklisted by spam filters.
Unlike most email spam, the victim does not have to "fall for" or even receive the email in question; the perpetrator is using innocent third parties to fuel what essentially amounts to slander combined with a denial of service attack.
Similar automated spam
editFalse headers are used by many viruses or spambots today, and are selected in a random or automated way, so it is possible for someone to be joe jobbed without any human intent or intervention.[3]
See also
edit- Agent provocateur – Person who incites others to commit incriminating acts
- Backscatter (email) – incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam – A related phenomenon that is not targeted directly at a particular victim
- False flag – Covert operation designed to deceive, a similar military concept
- Sporgery – Posting a flood of articles to a Usenet group, with falsified headers
References
edit- ^ Rouse, Margaret. "What is a Joe Job? - Definition from Techopedia". Technopedia. Archived from the original on April 3, 2012. Retrieved May 16, 2023.
- ^ Schryen, Guido (2007). Anti-Spam Measures: Analysis and Design. Springer Science+Business Media. pp. 19–20. ISBN 978-3-540-71748-5.
- ^ Fuhrman, Cris. "Backscatter analyses". CA: ETSMTL. Retrieved 2009-04-30.
External links
edit- Text of the original "joe job" spam mail
- "Joe jobs", Hoaxes, Snopes: recent examples.
- Thomas, Dillian (3 February 2004), Sabotage! Coping With The Joe Job, Sitepoint.
- The Weekend IBM.NET Almost Died, archived from the original on 2000-10-13: an instance when IBM refused to terminate the account.
- "joe-job", catb.org