I’m a major fan of the YouSendIt service, which is an FTP replacement. You use the service to upload a file, either via a browser or their Express client for Mac/Windows. The file can be huge — up to 100MB with a free account, or up to 2GB for paid accounts. After the file is uploaded, YouSendIt sends an email notification to the recipient(s), and they can retrieve it at their leisure via HTTP download.
I use YouSendIt all the time to send large digital files, including photographs, to my colleagues. (You can read my comments about the Express client here.)
In the case of today’s phishing spam, the email I received was a valid file notification sent via YouSendIt. The problem is that the sender was a spammer, and the payload was a Word document that was a phishing attempt.
• The subject line, as entered by the spammer: Emergency From Mrs. Aisha Al-obeid ( Iraq Woman Read It Well)
• The name of the Word document: Attn from iraq woman.doc
• The message body: Dear please download the file and read my mail, I want to invest in your country from Iraq woman
The Word doc contained was the usual type of phishing message. You’ve seen them hundreds of times.
It’s a shame that the YouSendIt service is being abused this way. I hope YouSendIt finds a way to filter out such messages in the future, perhaps by disabling the sending of anonymous or non-verified messages.