Slashdot Mirror

← Back to Stories (view on slashdot.org)

Some Spammer Has a Crush on You

Posted by Hemos on from the i've-got-a-crush-on-you dept.

ewhac writes "Salon is running an article about how that cryptic email saying someone has a crush on you may not be what it seems. Portrayed as services to foster romance, some voice concern that some such sites -- two with falsified WHOIS records -- are preying on people's insecurities to build spam lists and directed relationship graphs (who knows who). One site in particular, SomeoneLikesYou, has the temerity to demand you subscribe to an affiliate marketing program or cough up $14.90 before it will hand over the email address of your alleged crush.

A friend of mine and I were bit by SomeoneLikesYou in the last week. The scam is elegant in its simplicity. The site teases you with an email claiming to know someone who likes you, then makes you guess who it might be by submitting their email address(es). Each of those addresses receives a teaser email just like yours. Rinse, repeat. I ignored the message -- obviously a fake; I couldn't possibly be anyone's crush :-) -- but my friend took the bait and fed it some demographic data and email addresses. Once she realized what was going on, she wrote to everyone apologizing for any spam they may have received. She also sent a nastygram to the site's operators.

It should be pointed out that there is no proof that SomeoneLikesYou is doing anything nefarious with the data they're collecting. However, their credibility is not strengthened by their faked WHOIS records and their meaningless doubletalk on privacy issues (the declaration, "We send precisely zero e-mail advertisements," says nothing about the behavior of their partners/affiliates.)"

7 of 277 comments (clear)

  1. Those things are spam + social engineering by Montag2k · · Score: 5, Informative

    I have an e-mail address that I have used to register for exactly one thing: AOL Instant messenger. I've never sent any other e-mail through this account, I've never published the address on the internet, or anywhere else for that matter. Yet apparently someone who has a crush on me has managed to get that e-mail address and report it to Crushlink! I don't even want to log on to the site to get onto their opt-out list because I don't trust them enough not to sell my address once they have verified that there is an actual person behind it.

    Argh, I hate spam.

  2. One time e-mail addresses by Fuzzums · · Score: 3, Informative

    If some lame service requires you to supply them with an e-mail address, use a one-time address.
    Read is once for your password. If you start receiving spam you know the originator and can iglore that address.

    Spammotel provides in such a service. Also some providers allow you to use alias@your_name.your_isp.com, making it simple to track the origin of spam and making it easyer to filter (loveletter.com@my_name.my_isp.com)

    Hotmail serves the purpose of one-time accounts very well. How hard is it to forget about a hotmail account anyway?

    --
    Privacy is terrorism.
    1. Re:One time e-mail addresses by DeadSea · · Score: 5, Informative

      You can't do that for this service. Your *friends* give them your email address. I'd like to find out which of my "friends" gave my personal email address to crushlink.com (a similar service) and beat them. However it looks like the only way I can find out is by entering the email addresses of all my friends so they all get spammed.

    2. Re:One time e-mail addresses by Jugalator · · Score: 4, Informative

      I've tried Spamgourmet. Excellent free service where you can do this:

      1. Register a username like "foo".
      2. Register at the MegaSpam forum.
      3. Tell them your e-mail address is megaspam.2.foo@spamgourmet.com.
      4. You will be forwarded the next 2 mails from the MegaSpam forum, probably containing password details as such things.
      5. Spamgourmet will then eat all mails from the MegaSpam forum.

      They also allow you to list trusted senders, which don't advance the message count for your temporary address, reply address masking, and password prefixes so others can't make up new addresses with your username.

      Pretty nice, especially as it's free and no ads or other catches. They have around 14,000 accounts as of today and eats about 12,000 spams/day. :-)

      And there's also despammed.org where any mails to that address will be filtered from spam before it's sent to your primary address or the web service. Everything on that site is free (and ad free) as well.

      --
      Beware: In C++, your friends can see your privates!
  3. Funnycard by Spackler · · Score: 3, Informative

    Funnycard is also just an email harvester! It has the subject:

    Message from person_you_know via the FunnyCard Network.

    It comes with a forged header, that says it's sent from the person_you_know (of course it was my sister). Clicking on the link then requires you to put in 4 (fake of course) email addresses to see the card. As soon as you submit it, it sends the same email to all 4 addresses with a forged return address of YOU (you get back the send errors that the fake users you sent to, don't exist). Displays some lame joke (that the sender never saw), and says goodbye.

  4. Re:The SMS lover scam by ranulf · · Score: 4, Informative
    Yeah, I've had about five similar message such as from "Flirt Love Box". "Tried to call you but you were out", "Tried to send an SMS", etc.. messages, all with 0909 premium rate numbers.

    At the bottom, it adds "The call is charged as a long distance call - For UK the charge is 2.5 Pence/sec" which is £1.50 per minute. Even then, I don't think that's enough to cover them legally, as I beleive they have to state the cost as a per-minute rate.

    Fortunately, I'm not stupid enough to believe that these messages are for me. No-one I know sends messages in bright yellow with red and blue headings.

    Just remember how UK phone charges work:
    01/02 - standard long distance geographic number. Basically cheap.
    05 - I don't think this is used, except 0500 which is free
    07 - mobile, going to be quite expensive
    08 - information. Generally increasing in cost as number increases, except for 0845 charged as local
    09 - premium rate. Cost determined by operator, without limit.
    00 - international. Again expensive.

    If you don't know what the number is, don't dial!

  5. Disposable addresses and Spamgourmet by Balinares · · Score: 5, Informative

    Never sign up anywhere with a real email address.
    Instead, get an account on Spamgourmet, and you'll have as many disposable email addresses as necessary, that will work only as many times as you want. Then they become a direct link to /dev/null, and you never hear about them again.

    Seriously. This service rocks.

    --

    -- B.
    This sig does in fact not have the property it claims not to have.