I received a spam email this morning with the subject “Summary of junk emails blocked – 1 Junk Emails Blocked”. It was ironically intended to look like a report from some kind of spam filter saying that an email was blocked. There were a number of links on the page for how to manage lists or configure your settings for this non-existent application. I knew it was spam because (a) it didn’t mention what spam application or web site it was using (I’d expect that in big letters across the top), (b) I have never signed up for any such service, (c) my company used to have a similar service but stopped it a few years ago (and this wasn’t it), and (d) the email was sent to an old email address of mine that I no longer use but that still works.
But the real giveaway that this was fake was that all of the links in the email go to the address 192.168.0.22:10080. Any address beginning with 192.168 is what’s known as a private address, which means that it’s a special address that’s only accessible from another machine on the same network. By “network” I don’t mean the Internet, I mean, basically, the collection of computers connected to your local router. My machine currently has the IP address 192.168.0.108. Posting your IP address on the internet for all to see might be considered a security risk, but there is no security problem with posting private addresses because unless you are connected to my network, you can’t get there. Not because I’m clever and have set up fancy rules or anything, just because that’s the way TCP/IP addressing works.
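As an added example (not part of the original post), the check described above can be automated: the Python below pulls every link out of an HTML email body and flags those whose host is an IP literal in a private range. It goes beyond 192.168 to cover all three RFC 1918 ranges plus loopback; the sample body and the names `LinkCollector`, `classify_host` and `audit_links` are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# RFC 1918 private ranges; 192.168.0.0/16 is the one the spam links fall in.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample body, not the actual spam message.
SAMPLE_EMAIL_HTML = """
<p>1 Junk Emails Blocked</p>
<a href="http://192.168.0.22:10080/manage-lists">Manage lists</a>
<a href="http://192.168.0.22:10080/settings">Settings</a>
<a href="https://example.com/help">Help</a>
<a href="mailto:someone@example.com">Contact</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def classify_host(host):
    """Label a URL host: 'rfc1918', 'loopback', 'other-ip' or 'hostname'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # a DNS name, not an IP literal
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other-ip"

def audit_links(html_body):
    """Return (href, label, port) for each http(s) link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.links:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and parts.hostname:
            findings.append((href, classify_host(parts.hostname), parts.port))
    return findings
```

A link labelled `rfc1918` or `loopback` in mail arriving from outside can only resolve to a machine on the reader's own network, which is the giveaway described above.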
So if I were to click on a link in this spam email, first of all you’d have my permission to come to my house and smack me upside the head. Secondly, nothing bad would happen in this case, because for it to work, there would have to be a machine inside my network with that address, with an HTTP server listening on non-standard port 10080. The odds of there being a machine on my network that just happens to have that IP address and just happens to have an HTTP server listening on that port and just happens to have evil software running on it are beyond remote. The only other possibility is that some hacker has already penetrated my network, set up a machine with that IP address and an HTTP server complete with malware, and then sent me a spam email to get me to visit that machine. This is unlikely as well – you’ve already broken in, why bother with the spam? This is like breaking into a bank in the middle of the night, then calling a bank employee from the inside, and while pretending to be the bank manager, asking him to unlock the front door. You don’t need the front door unlocked, you’re already inside.
The most likely scenario is that the people who created the spam email are idiots. They set up a server on the internet that they wanted you to connect to (that had malware or whatever on it). Since they set up the server in the first place, it’s likely on their local network and the way they connect to it is through the 192.168 address. That’s not the way the rest of the world would get to it, but they didn’t know that. The result is that they have sent out this spam email (and likely paid to do it) and will never get any hits, even from people who do foolishly click on the links.
Couldn’t happen to a nicer bunch of guys.