I’ve noticed more spam slipping through the cracks and worming into my inbox. I thought it was only me, but it’s not — some of my colleagues here at Android Central are seeing the same thing. Google isn’t catching spam as effectively as it used to.
This week I’ve learned of a discovery that will enhance my sexuality, found out I had a (now deceased) rich relative overseas who left me millions, qualified for free tuition to an online university, and won a 170-piece Stanley tool set. At least, that’s what the spammers who emailed me this crap expect me to believe.
Android & Chill
One of the web’s longest-running tech columns, Android & Chill is your Saturday discussion of Android, Google, and all things tech.
Most of it is easy to catch. Disney isn’t going to send you anything and you didn’t end up in the will of a dead prince so you know those emails need to go straight into the bin. Some of it, though, is more convincing and an errant click can lead to malware or a good old-fashioned password phishing attempt.
Before anyone says it, no someone “dumb” enough to click a fake PayPal link or who believes a company wants to send them free stuff doesn’t deserve it. Eleteism always sucks and there is always someone who can outsmart you, too. This seemingly minor issue is actually really important and Google needs to address it.
What is spam?
It’s not a bit of greasy meat-like slab that comes from a can but it’s every bit as distasteful. Basically, spam is something you didn’t want but you get anyway.
It could be notification spam from an app, phone calls about your car’s extended warranty, or LinkedIn telling you 11 people went to the same college you did and you should sign in to read all about it. Those are painful to sort through sometimes but mostly just inconvenient.
Sometimes though spam — especially via a text or email — is a little more worrisome. I mentioned that I won a nice tool set earlier according to a message in my inbox that should have gone straight to my spam folder instead of cluttering up my phone notifications. Let’s look at it a little closer.
The first red flag is that it didn’t come from the company it claims it did — in this case, Harbor Freight tools — and the sender is using some weird gibberish domain.
The image looks like something Harbor Freight would use and I know that because I do get legit mail from the company every now and then. They are a great place to buy drill bits and saw blades and I want to know when those are on sale. We can have a better look at the action button though.
It’s a link that doesn’t lead back to either Harbor Freight or some third-party survey company; right-click or long press on it to find out it sends you to a URL redirecting service. It redirects to a Microsoft Azure blob named “dfeakuoyu”. That doesn’t sound like a person I want to buy tools from.
Protip: You can check the destination of any bit.ly URL by adding a + to the end of it and visiting through your browser. This is a service directly from bit.ly and is both free and legitimate.
I don’t know what happens if I click that button and I’m not going to find out. It could try to install something in my browser, forward me to a ransomware website, or be collecting email addresses and user data. One thing is certain: I’m not getting that toolset no matter how hard I click that button.
Why is this happening?
We can’t know for sure why more spam is ending up in our inbox. It’s most likely a result of two things: Google’s spam detection isn’t as effective as it used to be and spammers are becoming better at avoiding it.
I have a feeling that Google has pared back on what it calls spam as a result of a congressional inquiry. If you recall, during House Judiciary hearings in 2020 a representative was concerned that Google was filtering campaign and “right-wing” emails into the spam folders of intended recipients. Google made changes that allowed these emails to come through, but we don’t know exactly how the filtering was changed. Small changes often have a large, and often unintended, outcome.
It’s also very likely that spammers have found new ways to work around Google’s spam filters. Changing domains is easy enough and it costs less than $100 to do, and Google can never block every keyword a spammer would use. My example of tools is a great one. I want to see emails about tools because I buy tools online from time to time. That means spam or malicious mail might be able to squeak through by pretending it’s a message about tools.
Maybe this will keep getting worse before it gets better. Maybe it never gets better. That’s out of our control unless you run your own email server and can create global rules. You can create rules for yourself though. It’s tedious, but Gmail has a great built-in filtering solution if you feel like using it to block the worst offenders.
An easy thing you can do is send spam emails to the spam folder by reporting them instead of deleting them. This sends some sort of report to Google about the sender and hopefully, a person or AI somewhere can act upon it.
In the meantime, don’t open any message that seems suspicious, and never click anything from someone you don’t know.