Slashdot Mirror
Some Spammer Has a Crush on You
A friend of mine and I were bit by SomeoneLikesYou in the last week. The scam is elegant in its simplicity. The site teases you with an email claiming to know someone who likes you, then makes you guess who it might be by submitting their email address(es). Each of those addresses receives a teaser email just like yours. Rinse, repeat. I ignored the message -- obviously a fake; I couldn't possibly be anyone's crush :-) -- but my friend took the bait and fed it some demographic data and email addresses. Once she realized what was going on, she wrote to everyone apologizing for any spam they may have received. She also sent a nastygram to the site's operators.
It should be pointed out that there is no proof that SomeoneLikesYou is doing anything nefarious with the data they're collecting. However, their credibility is not strengthened by their faked WHOIS records and their meaningless doubletalk on privacy issues (the declaration, "We send precisely zero e-mail advertisements," says nothing about the behavior of their partners/affiliates.)"
I have an e-mail address that I have used to register for exactly one thing: AOL Instant messenger. I've never sent any other e-mail through this account, I've never published the address on the internet, or anywhere else for that matter. Yet apparently someone who has a crush on me has managed to get that e-mail address and report it to Crushlink! I don't even want to log on to the site to get onto their opt-out list because I don't trust them enough not to sell my address once they have verified that there is an actual person behind it.
Argh, I hate spam.
If some lame service requires you to supply them with an e-mail address, use a one-time address.
Read is once for your password. If you start receiving spam you know the originator and can iglore that address.
Spammotel provides in such a service. Also some providers allow you to use alias@your_name.your_isp.com, making it simple to track the origin of spam and making it easyer to filter (loveletter.com@my_name.my_isp.com)
Hotmail serves the purpose of one-time accounts very well. How hard is it to forget about a hotmail account anyway?
Privacy is terrorism.
Funnycard is also just an email harvester! It has the subject:
Message from person_you_know via the FunnyCard Network.
It comes with a forged header, that says it's sent from the person_you_know (of course it was my sister). Clicking on the link then requires you to put in 4 (fake of course) email addresses to see the card. As soon as you submit it, it sends the same email to all 4 addresses with a forged return address of YOU (you get back the send errors that the fake users you sent to, don't exist). Displays some lame joke (that the sender never saw), and says goodbye.
At the bottom, it adds "The call is charged as a long distance call - For UK the charge is 2.5 Pence/sec" which is £1.50 per minute. Even then, I don't think that's enough to cover them legally, as I beleive they have to state the cost as a per-minute rate.
Fortunately, I'm not stupid enough to believe that these messages are for me. No-one I know sends messages in bright yellow with red and blue headings.
Just remember how UK phone charges work:
01/02 - standard long distance geographic number. Basically cheap.
05 - I don't think this is used, except 0500 which is free
07 - mobile, going to be quite expensive
08 - information. Generally increasing in cost as number increases, except for 0845 charged as local
09 - premium rate. Cost determined by operator, without limit.
00 - international. Again expensive.
If you don't know what the number is, don't dial!
Never sign up anywhere with a real email address. /dev/null, and you never hear about them again.
Instead, get an account on Spamgourmet, and you'll have as many disposable email addresses as necessary, that will work only as many times as you want. Then they become a direct link to
Seriously. This service rocks.
-- B.
This sig does in fact not have the property it claims not to have.
If so, let him know -- I was pretty surprised when someone had a crush on junk@rpgexchange.com, a dummy address I have never used or published ever :)
:)
"Disclosure to Third Parties
We may occasionally, for entertainment purposes, disclose non-personally identifiable information to registered Crushlink users about other users.
We do not share our mailing list with any other company, person or entity."
For your entertainment purposes, the CrushLink founder Greg Tseng's contact emails at Stanford (physics dept.) and his Harvard alum email:
gytseng@stanford.edu
gtseng@post.harvard.edu
Show him you have a crush on him too by offering him things like "Free Inkjet Printer Cartridges", the "Lowest Mortgage Rates Around", how to make "$204,000 in 2 months", and hell how to "Increase Your Energy and Sex Drive!"
-fren
"Where are we going, and why am I in this handbasket?"
http://www.mitre.org/research/nanotech/pictures/ts eng.gif
:)
looks like he needs all the help he can get
-fren
"Where are we going, and why am I in this handbasket?"
People do all sorts of cute things with their dogs, like get them credit cards and such.
I've worked for MITRE for the past 11 years. We don't do spam. We do systems engineering, R&D, and IT support for the government: originally for the Air Force, then the other armed services, the FAA, and the IRS. MITRE is not an ordinary defense contractor; it comprises three Federally Funded Research and Development Centers. The idea is to provide expert, unbiased technical advice which the customers can't keep in-house and which they can't get from for-profit contractors.
We always have a bunch of part-time undergraduate co-op students around -- I had one working for me in 2000. The two people named in the Salon article were co-ops in the nanotech research department in 1999. I'm quite sure that their duties didn't include a "someone likes you" spam engine, and I imagine they'll get an earful -- if they are still working for us, three years later -- from their unlucky manager.
I don't think it was very nice of Salon to link MITRE into this story. If you google for Tseng and Schleier-Smith, you find the MITRE link. If you paste that link into your story, it looks like MITRE is somehow connected. But we aren't.
Now, the site just gave me another one of those "Try again" or "Think Harder" messages, however, a few hours later, both my real account and the fake one received a message saying there was a match on the list I'd submitted. One assumes the delay is to keep you entering email addresses even after you've entered the correct one.
It should be noted, however, that the match message didn't say who it was. It promised to reveal that if I signed up for some service. Since I already knew, I didn't bother, my best guess would be that, yah, once they've managed to get you to provide them with a big list of working addresses, and signed up for a service, generating income for them, they probably would have told me who it was.
Incidently, they don't tell you it someone removes you from their match list. Presumeably they don't want you to know they someone doesn't like you anymore. Perhaps we need a SomeHatesYou.com for this vital service... :)
As for the original message, this is problematic. The address is unfortunately both one that a lot of people, particularly someone matching the profile I got back mining for hints, might send me mail at. At the same time, it's also listed on a college website I admin, so it may have just been harvested. Who knows. If someone in that particular circle of friends likes me, they're going to have to be a bit more forward. The hints are vague enough to be almost useless if you have a large enough circle of friends. Basicly, if it's real, it's one of my "college friends", which I already knew based on the email address they used...
Eh bien, c'est la vie...
"Convictions are more dangerous enemies of truth than lies."