You're Invited! To a Spam Party
Forget those Nigerian phishing scams. The Scots are coming!
Amy Joyce, a colleague of mine here at The Post opened an Evite the other day to learn she had won 500,000 pounds in a Scottish lottery.
Her "host" was one aptly named Steven Award. The location of the shindig: Scotland, UK. The date: Tuesday, Oct. 10, at noon.
She was asked to supply her full name, ticket number, age, sex, occupation, address and telephone number. She also had to sign her name to the following: "I endorse that this email address is mine, and that I am the rightful winner of the random lotto prize," and was warned that any false declaration would be "persecuted by law."
Evite, which is owned by Ticketmaster, explicitly forbids spamming. They also limit the number of people you can invite to 750 to prevent spamming and, according to an Evite spokeswoman, will kick you off Evite if you send out 750 E-mails and no one writes back.
Obviously, crooks have managed to find a way around those restrictions. The Evite spam is yet another example of how scammers are getting more sophisticated at using social networking tools to find and reach their targets.
Paul Stephens of the Privacy Rights Clearinghouse in San Diego theorizes that Amy's e-mail was harvested off the Web--all our e-mails are on the Post Web site--and then Evite was used to deploy the actual phishing message, which made it past the Post's super-strength spam blocker.
It's not hard to see why criminals are getting savvy about exploiting socials networking tools, such as Evite, blogs and sites such as MySpace.
A December 2005 study, in which researchers at Indiana University actually spammed students as part of an experiment, concluded that people were more than four times as likely to respond to a scam e-mail if it looked like it was sent by an acquaintance. (The same study also found that women were more likely to respond than men, and men more likely to respond if the message appeared to be sent by a member of the opposite sex.)
So, is there a way to be able to use these tools the way they're intended without opening yourself up to the bad guys?
Stephens recommends that when posting your e-mail on any public site you write it out. For example: AnnysShin at Washpost dot com. For now at least, the phonetic formulation is enough to stump most e-mail harvesting software.
He also recommends using at least one e-mail for general distribution, and another that you give out selectively to business you have regular contact with such as your bank and to friends.
Another option is to go to sites such as spamgourmet.com that create disposable e-mail addresses you can use each time you correspond with anyone. You will still get your e-mail seamlessly, but you won't have a fixed address a spammer can latch on to.
Have scammers and spammers found you through a social networking site or tool such as Evite? Were you fooled?
Please email us to report offensive comments.
Posted by: Alex | October 3, 2006 10:00 AM
Posted by: ironhyde | October 3, 2006 10:33 AM
Posted by: tallbear | October 3, 2006 10:51 AM
Posted by: Manny | October 3, 2006 11:14 AM
Posted by: Anonymous | October 3, 2006 11:19 AM
Posted by: Southern Maryland | October 3, 2006 11:23 AM
Posted by: J from Bethesda | October 3, 2006 1:37 PM
Posted by: Chris | October 3, 2006 1:55 PM
Posted by: CyanSquirrel | October 3, 2006 3:42 PM
Posted by: washingtonpost.com | October 3, 2006 4:09 PM
Posted by: cyansquirrel | October 3, 2006 8:59 PM
Posted by: TBG | October 4, 2006 7:21 AM
Posted by: cb | October 4, 2006 7:36 AM
Posted by: RJ | November 8, 2006 5:12 PM
The comments to this entry are closed.