Why would a spammer try to get a (normal) image of mine?
There was a psychology experiment where two groups of homeowners went door-to-door and asked, ironically, for people to consent to display a large and ugly sign in their yard that said some form of, "Keep America beautiful."
What distinguished how the two experimental groups were treated was that one group was asked beforehand to agree to display an index card in their front window with the same theme. Almost everybody agreed to display the index card.
Agreeing to display the index card had a notable effect. People who were asked up front to display the sign in their yard usually refused (about 30% of them agreed). People who had displayed the index card usually agreed (about 70% of them agreed).
The point made in reference to this experiment has been called the "foot in the door effect." Agree to something little, and you are much more likely to agree to much more.
Add in this case that if someone is trusting, and perhaps like many people online a little lonely, sending a picture may not seem too much to ask. And you have a foot in the door opening up to problems much worse than mishandling of the German language.
What I miss in the other answers is that an image may contain extremely useful information about you. A jpg contains blocks like the EXIF metadata (here in IrfanView):
and even more interesting, the IPTC or XMP metadata:
giving the spammer possibly:
- camera type (how expensive and sophisticated)
- your full name
- under contact possibly your full address !
- your location, sometimes even the GPS coordinates
- the time the image was taken.
You can remove the header information with jpegtran or other image optimizers. I do not know why camera producers do this (or I suspect they exactly know why they do this and do not care or actively try to get money for the information), but with their programs you should install for accessing the camera they insert loads of valuable information about you.
ADDITION: @Erronoeus pointed out in the comment (in case it gets deleted) that images are often taken and sent by a smartphone. This allows attackers to identify the running OS (possibly finding out if the device is vulnerable) and gives the IP address, allowing e.g. to pinpoint the current location and getting other information. In case of the example we know for example the person's name and that he has married on July 20th, 2007. This gives possible entry points for security access codes (Keycode: 2007 Safe code: 20-07-20 Telephone question for bank account: When did I marry ?).
There are so many potential things that could be happening here. The attacker may try phishing by having you click a malicious link which containing malware such as keyloggers or similar. The attacker could also try social engineering to gather all information he/she can about you before attempting to get into your account. Keep in mind most e-mail servers will include the originating IP when sending e-mail so they could get your IP and attempt to hack into your computer. The spammer may be just gathering active e-mail to send spam later down the line.
- Phishing
- Social Engineering