Fraudulent signups or spam?

This morning I got spam from a major data broker / ESP / credit reporting agency claiming I’d signed up on some college website. In the UK. To check my credit score.
Uh. No. No I didn’t.
Of course, it’s very possible someone did use my email address when signing up for something at a UK university.  They probably got a t-shirt or free pizza out of it. But that doesn’t really matter to me. A certain credit agency is  spamming me with irrelevant and horribly targeted advertisements for their services and claiming the mail is opt in.
I know that address is widely sold in the UK to “legitimate” marketers. It’s very possible that it was purchased by the spammer in question. Or, I dunno, maybe they’re the ones selling it.  As a victim, I don’t really care why a company is spamming me.
Part of a sender’s job to make sure their data is accurate. And they failed.
But for this particular company, that’s par for the course. When I posted about this over on Facebook, I had multiple friends pointing out that this company regularly spams and sells spamming services.
Spammers gonna spam.
 

AOL accidentally hard bounces valid mail
Why is bounce handling so hard

Related Posts

TWSD: Run, hide and obfuscate

Spammers and spamming companies have elevated obfuscating their corporate identities to an artform. Some of the more dedicated, but just this side of legal, spammers set up 3 or 4 different front companies: one to sell advertising, one or more to actually send mail, one to get connectivity and one as a backup for when the first three fail. Because they use rotating domain names and IP addresses all hidden behind fake names or “privacy protection services”, the actual spammer can be impossible to track without court documents.
One example of this is Ken Magill’s ongoing series of reports about EmailAppenders.
Aug 5, 2008 Ouch: A List-Purchase Nighmare
Sept 9, 2008 Umm… About EmailAppenders’ NYC Office
Sept 15, 2008 E-mail Appending Plot Thickens
Nov 11, 2008 EmailAppenders Hawking Bogus List, Claims Publisher
Dec 23, 2008 Internet Retailer Sues EmailAppenders
Feb 1, 2009 EmailAppenders Update
Mar 10, 2009 Another Bogus E-mail List Claimed
April 14, 2009 EmailAppenders a Court No-Show, Says Internet Retailer
April 21, 2009 EmailAppenders Gone? New Firm Surfaces
May 5, 2009 EmailAppenders Back with New Web Site, New Name
Their actions, chronicled in his posts, are exactly what I see list providers, list brokers and “affiliate marketers” do every day. They hide, they lie, they cheat and they obfuscate. When someone finally decides to sue, they dissolve one company and start another. Every new article demonstrates what spammers do in order to stay one step ahead of their victims.
While Ken has chronicled one example of this, there are dozens of similar scammers. Many of them don’t have a persistent reporter documenting all the company changes, so normal due diligence searches fail to turn up any of the truth. Companies looking for affiliates or list sources often fall victim to scammers and spammers, and suffer delivery and reputation problems as a result.
Companies that insist on using list sellers, lead generation companies and affilates must protect themselves from these sorts of scammers. Due diligence can be a challenge, because of the many names, domains and businesses these companies hide behind. Those tasked with investigating affiliates, address sources or or mailing partners can use some of the same investigative techniques Ken did to identify potential problems.

Read More

Target acquires email addresses, exposing more customers to data breaches

As most folks now know hackers broke into Target systems last December and stole financial and other data from 110 million customers. Target has been responding to this breach reasonably well. They’ve been notifying customers that were affected and they’re providing credit monitoring for affected individuals. They seem to be totally on top of protecting their customer’s data and privacy.
Mostly.
They seem to be purchasing or otherwise acquiring email addresses from at least one major retailer in order to send out notifications about the breach to customers that never gave them email addresses. Yes, even those of us who chose not to give Target email addresses are receiving email from them.
I understand Target’s drive to contact affected users. I even appreciate that. What I don’t appreciate is that Target appears to be compromising my security in order to notify me my security was compromised. The data of mine that was compromised at Target would be credit card and possibly address information. My email address was not part of the compromise. So what does Target do? They go and acquire my email address from a third party.
Their solution to the compromise is collecting more data that is vulnerable to compromise from unrelated third parties? I’m not sure this is the most consumer friendly thing Target could do. In my case, Target sent mail to an address I’ve only given to Amazon. That means I now need to worry about my Amazon account security, on top of everything else.
Ironically, the email sent by Target tells me that I can click a link and get free credit monitoring. Then the email goes on to tell me the following:

  • Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
  • Delete texts immediately from numbers or names you don’t recognize.
  • Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.

Don’t click links within emails I don’t recognize? You mean like the one you just sent me? With a link to a credit monitoring website?
I appreciate the notice. I don’t appreciate is that Target went out of their way to collect more information about me than I actually gave them. I am now worried about Amazon’s security as well. How did Target get an address only provided to Amazon? I don’t appreciate that my efforts to keep my information secure (not providing email address to Target) was undermined by Target themselves.
The full text of the email, with the relevant headers (munged slightly for privacy) is under the cut, if anyone is interested.

Read More

Appendleads is not unusual

I called out David Williams from appendleads.com yesterday for his spam. Sure he’s a spammer, his database is full of garbage information and his email violates CAN SPAM but he’s not that unusual in the realm of list sellers. He is very typical of the people I see offering lists for sale.
List sellers are the internet version of used car salesmen. Everyone knows they are slimy sales guys who will do anything to close the sale. They don’t have a real web presence, just visit appendleads.com and see what I mean.
And yet, people still buy lists from them! I have no doubt that my spammer friend has a nice little business selling email addresses. He sends out spam, he gets a few responses, makes a tidy profit and then sends out another spam, hooks a few more people and makes more money.
OK, so not all list sellers are like appendleads. Some of them go so far to build a website. But at the core they’re the same. They are selling data that isn’t clean, it’s not opt-in, it’s not been verified.
This is why so many of us harp on not buying lists. The sales guys talk a great game, but they aren’t selling what purchasers think they’re getting. They also don’t care. They have no incentive to clean up their data. They have no incentive to accurately represent what they’re selling. All of the risk is on the person that sends the email. Once they have their money, the buyer is on their own.
Can you ever successfully purchase a list? I’m sure some senders have. But that experience is closer to winning more than a thousand dollars in the lottery than an actual good business decision.

Read More