Spam mystery 

Got a message today from someone purporting to be interested in the church. E-mail headers showed it was sent from Qualtrics, which was odd. When I checked with colleagues, they had received variations on the same message, with slightly different names, and an identical backstory ending with a different personal problem: recent incarceration, job loss, infidelity, etc.

Spam mystery 

There was a List-Unsubscribe header, with a link to a legit Qualtrics server. When I visited it, I got a message saying I had been unsubscribed from a University of Virginia survey.

So this made me think it was some kind of sociological study. Many of the names suggested African American, Asian American, or other racial-ethnic heritage. Maybe this was a variation on the famous résumé study, checking for racial bias.

Spam mystery 

I replied to the message. (The Reply-To was a @gmail.com address.) But my reply bounced: Gmail said there was no such account. If this was a legitimate study, it was really poor methodology. They weren't set up to receive replies, and by now my colleagues were widely discussing the "survey" on social media.

Spam mystery 

So I contacted the office of the UVA VP for Research, asking whether it was a legitimate study, but I got a reply saying that it wasn't.

This leaves another mystery. The Received-From headers show that the message came to my Gmail account from a Qualtrics server. Somebody is using Qualtrics to send these messages out, and they’ve either compromised a UVA account, or else they’re spoofing, but in a way that is really unlikely to be seen.

Spam mystery 

There's some X-(...) base64 goobledygook in the email headers that Qualtrics can presumably decipher, so I sent the message with full headers to their abuse address, on the premise that someone has either hacked or spoofed UVA. I'd really love to learn what the story is here, but it doesn't seem likely that I will.

Follow

Spam mystery 

If it was run-of-the-mill phishing ("Need ca$h now, pls!"), why go to the trouble of using Qualtrics? Why not just spew messages from your freemail account until they shut you down?

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
arktos.social

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!