Email marketing firm smacked by the SEC

Yes, the SEC. Really.
Apparently the email marketing firm mUrgent, which provides services to the restaurant and hospitality industry also had a side business. According to the complaint filed by the SEC last month, they had an entire boiler room set up to sell shares for their non-existent IPO.
I’d never heard of this firm before, so I did a little digging. First step, check out their website.

Screen Shot of the mUrgent Website
mUrgent website
Overall, it looks like a fairly standard email marketing website. Pretty splash page, appropriate links, it even shares the names of the management team. So what is this with the SEC filing a complaint against the company? I kept doing some digging, and discovered that the principals behind mUrgent have a rather storied past.
In 2000, they were cited for violating securities laws in the State of Wisconsin. This also points out they were cited in 1996 and 1999 in Kansas and Pennsylvania respectively.
An ex-employee outed them on Scamchecker.
And they have their own page on entrepreneurs.about.com discussing how they’re an example of what not to do.
They are not the only email marketers out there that have been involved in scams, only the latest ones. But still, if you’d asked me to look a their email services page I would not have picked out that they were any different from any of the other hundreds of email marketing companies out there.

Related Posts

Another security problem

I had hoped to move away from security blogging this week and focus on some other issues. But today I see that both CAUCE and John Levine are reporting that there is malware spam coming from a Cheetahmail customer.
Looking at what they shared, it may be that Cheetahmail has not been compromised directly. Given mail is only coming from one /29, which belongs to one customer it is possible that only the single customer account has been compromised. If that is the case, then it’s most likely one of the Cheetahmail users at the customer got infected and their Cheetahmail credentials were stolen. The spammer then gained access to the customer’s Cheetahmail account.  It’s even possible that the spammer used the compromised customer account to launch the mail. If this is the case, the spammer looked exactly like the customer, so most normal controls wouldn’t have noticed this was a spammer.
This highlights the multiple vectors these criminals are using to gain access to ESPs and the mailing systems they use. They’re not just trying to compromise the ESPs, but they’re also attempting to compromise customers and access their accounts so that the spammer can steal the ESPs hard won and hard fought sending reputation.
Everyone sending mail should be taking a long, hard look at their security. Just because you’re not an ESP doesn’t mean you aren’t a target or that you can get away with lax security. You are also a target.

Read More

Spammers and the law

Robert Soloway, one of the people crowned with the title “Spam King”, has been released from jail. He was an extremely prolific spammer, generating over 10 trillion messages over the course of his career.
As Mr. Soloway exits jail, another spammer heads to serve his 20 year sentence. Peter Maxson Anyanyueze sent Nigerian 419 spams telling people they could profit from helping him move money around. The scam is that the victim needs to pay small amounts of money, sometimes totalling tens or hundreds of thousands of dollars.

Read More

Be on the lookout

I’m hearing more rumors of ESPs seeing customer accounts being compromised, similar to what happened with The Children’s Place.

Read More