Slashdot Mirror
Some Spammer Has a Crush on You
A friend of mine and I were bit by SomeoneLikesYou in the last week. The scam is elegant in its simplicity. The site teases you with an email claiming to know someone who likes you, then makes you guess who it might be by submitting their email address(es). Each of those addresses receives a teaser email just like yours. Rinse, repeat. I ignored the message -- obviously a fake; I couldn't possibly be anyone's crush :-) -- but my friend took the bait and fed it some demographic data and email addresses. Once she realized what was going on, she wrote to everyone apologizing for any spam they may have received. She also sent a nastygram to the site's operators.
It should be pointed out that there is no proof that SomeoneLikesYou is doing anything nefarious with the data they're collecting. However, their credibility is not strengthened by their faked WHOIS records and their meaningless doubletalk on privacy issues (the declaration, "We send precisely zero e-mail advertisements," says nothing about the behavior of their partners/affiliates.)"
funny, some weeks ago I received a SMS on my mobile with the same content, telling me: Someone who is too shy has a crush on you.
To find out dial: 0190-whatever
0190 is in Germany the dialing prefix for Premium rate-services (from 1 to 10 euros/minute)
I didn't call but looked in the newsgroups if someone has: works exactly the same way you described:
- please give us some mobile numbers from persons you guess that might be it..
My numbers come from here.
$100 gets 10 million addresses. It costs $3,000 to send these 10 million messages. Let's assume a capital outlay of $3,100 per week, which seems reasonable.
A "positive response rate" of 0.1% to 1% is expected. Say 0.1%, since this scam is especially egregious, that's 10,000 responses per week, is 10,000 suckers per 60 * 24 * 7 = 10,080 minutes.
That means a sucker is born every minute (every 59.52 seconds, actually), which we already knew.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
I got these stupid e-mails too, but they wouldn't release the address of your so-called crush until you furnish them with e-mail address after e-mail address.
Instead of putting down bogus addresses, I submitted every abuse@{$insert ISP here} address and anti-spam address that I could think of. That'll give them something to think about.
Where does the school board find them and why do they keep sending them to ME?
EDU domains tend to scare spammers.. not only is there not much money to be got. They are likely to end up with some anti spam vigalante with a lot of free time that can be spent causing them pain.
So when my address was spammed by SomeoneLikesYou, I got on the phone. Sure enough, the one person who actually did it was my not-so-security-minded girlfriend.
So when I hit the site, I entered only one email address--hers. The site didn't like that, and since it doesn't like bounces either, I just started registering aliases on my linux box. So we had a@mybox.net, b@mybox.net, c@mybox.net, and d@mybox.net.
And, sure enough, when it finally accepted that, it said I had a match! (I also had some 4 more emails popping up in my inbox....)
Since the site demanded that I pay up-front or sign up for affiliate info, I went on my merry way, happy to know I hadn't offended anyone else.
About a month later, though, I got this email "Are you sure this loser Sara is right for you?" which told me to come back and visit the site again, threatening to remove my information and promising not to spam me again. I received a second mesage, again titled "Are you sure this loser Sara is right for you?", before I created a new procmail rule.
I figured I was lucky, I got everything I wanted to know without it costing me anything but the time. I doubt many others were so lucky.