Joe job
Online Advertising
Joe job
A joe job is an incident of
spamming designed to tarnish the reputation of an innocent third
party. Despite having existed since at least 1996, joe jobs are uncommon
compared to other types of
spam
because they provide no commercial benefit to the joe jobber.
Origin and motivation
The name "joe job" was first used to describe such a scheme directed at Joe
Doll, webmaster of Joe's Cyberpost. One user had his joes.com account removed
for advertising through spam; in retaliation, he sent another spam, but with the "reply-to" headers forged to make it appear to be
from Joe Doll.
Besides prompting angry replies, it also caused joes.com to fall prey to
denial-of-service attacks that took the website down temporarily.
Like the original, most email joe jobs are acts of revenge, whether by
individuals or by organizations that also use spam for other purposes. Unless
the joe-jobber is a business trying to defame a competitor (or a spammer trying
to blacken the reputation of an anti-spam group or filtering service) there is
no commercial advantage to joe jobbing, making it a comparatively uneconomical
form of spam.
Joe job attacks in other media are often motivated politically or through
personal enmity.
Form
Joe jobs usually look like normal
spam,
although they might also disguise themselves as other types of scams or even as
legitimate (but misdirected) messages.
Joe jobbing can take different forms, but most incidents involve either
e-mail or Usenet spam. They are sometimes seen on instant messaging systems as
well. In general, joe jobbing is seen only on messaging systems with weak or no
sender authentication, or where most users will assume the purported sender to be
the actual one.
If the joe-jobber is imitating a normal
spam, it
will simply advertise the victim's product, business or website. It may also
claim that the victim is selling illegal or offensive items such as hard drugs,
automatic weapons or child pornography to increase the likelihood that the
recipient will take action against the victim's website.
Some joe jobs are politically motivated, where the intended victim is usually
a political candidate, party or organization. Such joe jobs generally espouse an
inflammatory viewpoint not actually held by the victim, or present a
deliberately distorted variation of an actual viewpoint. Large-scale joe jobs
were staged on Usenet against the Ralph Nader campaign in 2000 and 2004. The second of these was unusual in employing multiple phases -- the first a
conventional political joe job, the second claiming to be a widely spammed and
similarly inflammatory statement by the Nader campaign about the first.
When imitating another scam (such as a
Nigerian scam or
phishing
scheme), the e-mail will still feature links to the victim's website or include
contact information. In these instances, the joe-jobber is hoping that the
recipient will notice the e-mail is fake, but mistakenly think the victim is
behind the "scam."
When imitating a legitimate e-mail, the joe job will usually pose as an order
confirmation. These "confirmations" may ask for credit card information (in
which event the attack differs from phishing only in intent, not methodology),
or simply imply that the recipient has already bought something from the store
(leading the recipient to fear his credit card has already been charged). Like
the "normal
spam" jobs, these e-mails will often mention illegal activities to incite
the recipient to angry e-mails and legal threats.
Another joe-job variation is an e-mail claiming that the victim offers a
"spam friendly" webhost or e-mail server (in the hope of further inciting action
against the victim by anti-spam activists).
How it works
Joe jobs often intend to capitalize on general hatred for
spam. They
usually forge from addresses and email headers so that angry replies are
directed to the victim. Some joe job attacks espouse deliberately inflammatory
viewpoints, intending to deceive the recipient into believing they were sent by
the victim. Joe job victims also risk losing website hosting or network
connectivity due to complaints to their Internet Service Providers, and even
increased bandwidth costs (or server overload) due to increased website traffic.
The victim may also find his or her email blacklisted by spam filters.
Unlike most email spam, the victim does not have to "fall for" or even
receive the email in question; the perpetrator is using innocent third parties
to fuel what essentially amounts to
slander combined with a denial of service attack.
How to prevent a joe job
While the old wisdom was to abandon the joed email address, joed email
addresses can be protected from email-based joe jobs by a user using
Sender Policy Framework, which makes email forgeries more identifiable.
Additional steps the victim can take to prevent being harmed by a joe job are
to post conspicuous disclaimers on his or her website (if applicable), acquire
email filters if he or she does not already have them, and to alert his or her
Internet Service Provider about the scam.
The average person receiving a joe job email will probably not recognize it
for what it is. Most joe job email can simply be deleted without consequence
(incidentally, this is the action that causes the least amount of trouble for
the intended victim).
Other meanings
In Canada, "joe job" is a slang term for a low-paying, low-status, dead-end
job, especially in the service sector. "Joe job" was used with this definition
in the movie Wayne's World.
External links
Home | Up | History of spamming | Stopping e-mail abuse | e-Mail spam | e-Mail fraud | Messaging spam | Mobile phone spam | Newsgroup spam | Spit (VoIP spam) | Honeypot | Spamware | Pills porn and poker | Joe job | Spam Prevention Early Warning System
Online Advertising, made by MultiMedia | Free content and software
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.
|