HN

Comments (58)

• Menu

  iamcalledrob
  The "Cloud Storage Full - ACTION REQUIRED" emails sure aren't helped by Google, who communicate in a similar way.The amount of borderline harassment I get about my Google Drive being almost full is shocking.They have really amped up the ferocity of the language they're using to try and extract money from you for Drive. No wonder spammers are copying that.
• hollow-moe
  They don't even need to actually vibecode the emails. Some scam reached my gmail inbox for the french railway company advantage card at a "too low to believe" price. They just downloaded an original email, replaced content urls to their own host and all links to their scam page. Yes, all links even the socials lol. There's one link that was removed instead of replaced (but the text was still there): the unsubscribe notice. I didn't check the page but the email was well done since it just was an edited official one and if the page was equally made I'm sure at least some people got scammed there.
• Menu

  Ucalegon
  Leaders in the email security space have been seeing this for a while now [0], this is not new. The problem is the means to protect consumer mailboxes outside of Gmail, isn't cost effective since most people do not actually pay for their consumer mailbox and the impacts of compromised accounts do not actually impact the providers. It is going to be interesting to see how this plays out in the consumer space as the complexity of the problem continues to grow while the technology used to stop it stays in the early-2010s.[0] https://siliconangle.com/2023/12/19/new-report-warns-rise-ai...
• mememememememo
  It is better to use the term phishing for spam that is attempting to comprimise your security, over just trying to sell something.LLMs are interesting for phishing as they allow personalisation. Spam is no longer, well exactly the Monty Python meaning.
• autoexec
  The mail I care about doesn't look like ad copy. It's usually plain-text or at least reads fine when displayed that way. It comes from people I know and/or care about. Attached images don't display by default. Remotely hosted anything doesn't even get requested. Fancier looking spam is just going to be easier to spot.
• isaachinman
  It's very sad indeed that email ever allowed HTML. The world would be a better place if email was only plaintext
• Menu

  shusaku
  For years I’ve read people claim that the reason spam emails were low quality was to filter for idiots. If the spammers are now reaching for coding agents to clean up the presentation, it seems that theory was bunk.
• QubridAI
  Vibe-coding is fun until your API keys start vibe-sharing themselves with the internet
• Menu

  sudo_cowsay
  But is this something new? Wasn't using AI for scamming around for a long time?Scammers started using LLMs to write fishing emails, then scammers started generating images, then they started using AI to vibe code it. Its just a natural progression.From https://news.ycombinator.com/item?id=47435156, we can know that India has a ~70% positive view on AI. While scammers likely didn't fill out the survey, it shows the general view on AI from where most scammers work from and live.
• userbinator
  The (now possibly vibe-coded) email clients hiding link destinations and the real senders' addresses as well as making it very hard to see the actual message content including all headers don't help either. Scammers might get the visible body content very convincing, but one look at the Received: and From: headers is still a reliable way to discern.
• suroorw
  All these marketing pages with big bold text and unaligned scattered images have always felt spammy to me even when vibe coding was not there. Now that it is, you will ofcourse see that multifold. Given the humans are still the same behind it.
• Menu

  b00ty4breakfast
  Spam and LLMs are made for each other; pumping out content, with little concern for quality, at industrial scale is what LLMs most excel at.Even if it's not the only they can do.
• vancroft
  Email clients should just strip out hyperlinks. You link in the email? Write it directly, then people can copy/paste it. It wouldn't stop all phishing, but it would be a start to increase people's awareness of shady links.
• eightman
  The use case for AI is, was and always will be spam.
• Menu

  sankalpnarula
  Blacklisting Phone numbers and IP are gonna become extreme now, to the point it wont allow any unknown number/email without `karma` to reach anyone.
• Menu

  saidnooneever
  definitely a big issue especially with all the big places now vibe coding and leaking all our damned data in plaintext. a lot of people are getting hit real hard now. its not a joke or overstatement.
• mostertoaster
  I thought the “sponsored by nobody” thing to donate through was another example of the spam at first.
• add-sub-mul-div
  That LLMs are enabling more use cases to hurt us than help us is too obvious to deny. But too many people think they're going to be the ones getting rich from it so they pretend it's not the case.
• imiric
  This is hardly new, and it goes far beyond spam emails. Most of the content produced and consumed on the internet is now done by machines. A human may or may not benefit from directing a machine to do this, and the ways they do are often highly opaque, with several layers of indirection. It doesn't take a genius to see that this is ushering in a new era of scams and spam."AI" companies are responsible for this mess. They should be held accountable for digging us out of it.
• monster_truck
  I've gotten so much blatantly obvious garbage like this. The corner radiuses etc always give it away.Recently reported nearly 200 firebase accounts to google, haven't gotten any since
• anon
  undefined
• Menu

  viccis
  This is interesting but I am not surprised. People got used to spammers putting in zero effort because it's a game of scale for them. Well now zero effort still gets them all the way there when it comes to looking convincing.
• righthand
  Full circle.
• segmondy
  ... does't matter if they got flagged as spam.
• AKSaathwik
  [dead]
• FlowPagesVael
  [dead]
• microbuilderco
  [dead]
• iam_circuit
  [dead]
• Heckinator
  [dead]
• irenetusuq
  [dead]
• wearethecompute
  [dead]
• Menu

  Cider9986
  At this point, if you give out your email and not aliases; it is on YOU.