Legend:  new window    outside link    tools page  glossary link   

Classic Spam: Spammers are giving out money!

The bottom line: Do not be fooled; no one is going to offer prime mortgages to complete strangers with no financial review. The crooks behind this tired racket include some of the most successful and persistent spammers on the net today; they are not lending any money, but are merely trolling for leads that they can then sell to ethically-challenged mortgage brokers.

Up until a few years ago, you could hardly have conceived of a more sober-sided and conservative (small-C) bunch of folks than mortgage bankers. However, as loan interest rates moved steadily downward during the 1990s, with an accompanying surge in new and refinanced mortgages, the industry began to look more and more like an aquarium full of sharks fighting over a steak. It should come as no surprise, then, that spam is one of the tools to which the hungriest of mortgage lenders will resort (particularly those in the “subprime” mortgage industry) in order to scare up leads.

Mind you, this particularly aggressive cohort of mortgage bankers don’t do the spamming themselves; instead, they rely upon “affiliates” to get the message out however they can, and then send the hot prospects their way.

Affiliate programs are fairly common among the big online lenders (as they are with many other net-based businesses). One such well-known operation even briefly publicized on its website the “bounties” it would pay (up to $40 for each completed loan application), according to a posting I found on the web.

Most of these affiliate programs are of the usual variety that require the affiliate to put voluntary and clearly-identified links on his website that are “tagged” with his identifying information—that is, the banker, the affiliate, and you (the link-clicker) should all know what’s going on and who’s doing what to whom. These programs (many of which are run by Commission Junction) have at least a veneer of respectability. In the case of many mortgage spams, however, I suspect that the leads-for-cash transactions are done a bit further under the table.

With this much money up for grabs just for getting people to fill out applications, you can see where the spammers come in. They’re the ones doing the deceptive hard selling, allowing the bankers to whom the sell the leads to remain (relatively) detached from it all. This is classic, know-nothing, mainsleaze spamming.

Morphology of mortgage spam

At this point, there seem to be many outfits involved in mortgage spam, to judge by the varying “fingerprints” in their mailings.

Like drug spams, the mortgage pitches are generally mailed via direct-to-MX from computers all over the place. Many of the mailings come from the netblocks of broadband home internet providers, indicating that these spammers have open-proxy “bot-nets” at their disposal. The from-addresses are invariably phony, and the to- and cc- fields often include many addresses (and yours may or may not appear). The subject lines often do not contain any indication that the messages are mortgage advertisements.

Many of the perps send simple plain-text e-mails (which must be heavily disguised with “creative spelling” in order to evade filters), while others use embedded images (albeit relatively crude ones) to carry the pitch:

Here, the portion from “FINAL NOTICE” down to “Bill Ellian” is a GIF image embedded in the spam message using multipart MIME and a CID: link in the HTML markup, which is a very common plan for many other types of spam as well. Note the raggedy bottom of this image, which seems to be a frequent feature of the GIF images used by spammers (sometimes the images will be so badly mangled that some software will refuse to open or display them). The nonsense text below this image (“aggrieve it libation...”) appears in the HTML markup (i.e., not in the image file), and is presumably intended to fool Bayesian spam filters into thinking that this isn’t spam.

Whatever their form, the messages usually contain links to a website housing a form for potential victims customers to fill out; this form requests all sorts of personal info, items that would be required in the typical basic mortgage screening application, but (not coincidentally, I imagine) would also be useful to spammers and identity thieves.

These websites are usually hosted offshore (usually in mainland China or in South Korea). They are called out with strange “alphabet soup” domain names (and often similarly tortured host names); these domains don’t last very long, as the spammers will usually get a new domain name and a new (crooked) DNS setup for each spam run. More than likely, you won’t be able to load one of these sites if you wait a week or more after the spam (not because the site isn’t still there, but because its former name can no longer be resolved by DNS).

Features of spam mortgage pitches

A couple of the most popular rhetorical devices in these spams are shown in the example above: the old “final-notice” and “we-tried-to-contact-you” dodges. These are supposed to make the reader think that he’s just about to miss out on a really great offer (and, since these guys are serial spammers, they may actually be telling the truth here—they probaby did try to contact you many times before—although you can bet that this won’t be the “final notice”).

These spams will also indicate that you, personally, have qualified for a certain amount of money (usually very high) at a certain interest rate (usually very low). The spammers assure you that you’ll get this offer even if you have bad credit or are bankrupt (dream on!). Yes, “straight” mortgage companies do post typical rates in their advertising, but they don’t promise these rates to you personally (at least not until they’ve looked at your application). And anyway, if the offer was intended just for me, how come it is addressed to so many other people (see the cc: field in the picture above).

Typically these spams (as in the case above) do not identify a specific mortgage company by whom the offer is made. They are usually signed with a (phony) name and possibly some impressive-sounding title.

I hope I will be stating the obvious when I advise you not to respond to these spams. If you do, you’ll end up dealing with the seamier side of the mortgage industry, those firms who are not above relying upon spam-generated leads. Plus, should you fill in one of these forms, you wil effectively be putting a big sign on your back saying, “steal my identity!” There are simply too many other ways to find reputable mortgage lenders for you to fool with these crooks.

 home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   

(c) 2003-2007, Richard C. Conner ( )

04751 hits since March 27 2009

Updated: Sat, 18 Aug 2007