The Checkout

You're Invited! To a Spam Party

Forget those Nigerian phishing scams. The Scots are coming!

Amy Joyce, a colleague of mine here at The Post, opened an Evite the other day to learn she had won 500,000 pounds in a Scottish lottery.

Her "host" was one aptly named Steven Award. The location of the shindig: Scotland, UK. The date: Tuesday, Oct. 10, at noon.

She was asked to supply her full name, ticket number, age, sex, occupation, address and telephone number. She also had to sign her name to the following: "I endorse that this email address is mine, and that I am the rightful winner of the random lotto prize," and was warned that any false declaration would be "persecuted by law."

Evite, which is owned by Ticketmaster, explicitly forbids spamming. It also limits the number of people you can invite to 750 to prevent spamming and, according to an Evite spokeswoman, will kick you off Evite if you send out 750 e-mails and no one writes back.

Obviously, crooks have managed to find a way around those restrictions. The Evite spam is yet another example of how scammers are getting more sophisticated at using social networking tools to find and reach their targets.

Paul Stephens of the Privacy Rights Clearinghouse in San Diego theorizes that Amy's e-mail was harvested off the Web--all our e-mails are on the Post Web site--and then Evite was used to deploy the actual phishing message, which made it past the Post's super-strength spam blocker.

It's not hard to see why criminals are getting savvy about exploiting social networking tools, such as Evite, blogs and sites such as MySpace.

A December 2005 study, in which researchers at Indiana University actually spammed students as part of an experiment, concluded that people were more than four times as likely to respond to a scam e-mail if it looked like it was sent by an acquaintance. (The same study also found that women were more likely to respond than men, and men more likely to respond if the message appeared to be sent by a member of the opposite sex.)

So, is there a way to be able to use these tools the way they're intended without opening yourself up to the bad guys?

Stephens recommends that when posting your e-mail on any public site you write it out. For example: AnnysShin at Washpost dot com. For now at least, the phonetic formulation is enough to stump most e-mail harvesting software.

He also recommends using at least one e-mail address for general distribution, and another that you give out selectively to businesses you have regular contact with, such as your bank, and to friends.

Another option is to go to sites such as spamgourmet.com that create disposable e-mail addresses you can use each time you correspond with anyone. You will still get your e-mail seamlessly, but you won't have a fixed address a spammer can latch on to.

Have scammers and spammers found you through a social networking site or tool such as Evite? Were you fooled?

By Annys Shin |  October 3, 2006; 7:20 AM ET Consumer News

Comments




After I signed up w/MySpace, my spam increased tenfold. Fortunately, Yahoo's junk algorithm is pretty good, and only one or two messages/day make it into my inbox.

Posted by: Alex | October 3, 2006 10:00 AM

I've gotten a lot of spam mail from networking sites etc. So much so that I've ditched several email addresses. But what I've discovered recently is that most of the spam I get is in the sites themselves, like MySpace and YouTube. It seems like every day I get a number of spam emails in sites like these, where you don't have spam filtering or filtering that you can configure. But what I found most interesting lately was a Citi phishing scam that I received asking me to verify my CitiBank info; it looked authentic and everything. Problem is I don't bank with Citi or anything. I got a kick out of that.

Posted by: ironhyde | October 3, 2006 10:33 AM

I've posted in newsgroups for years, before it became necessary to disguise your real address, so my email has been floating around for years, thanks to sites that store every message.

So for that address, the spam filter rejects everything not from my approved whitelist.

BTW, who really responds to spam with intentionally misspelled words? Isn't this the biggest red flag you could have?

Posted by: tallbear | October 3, 2006 10:51 AM

Why would anyone accept an invitation/email/lottery notification from a complete stranger? Nothing and I mean NOTHING is free in this life.

Ask yourselves that question.

Posted by: Manny | October 3, 2006 11:14 AM

I have a personal website and "own" the domain name. The hosting package gives me 500 or so email accounts, but if something comes in to an address at my domain (say "Blah@mydomain.com") and "blah" isn't a valid mailbox, it gets forwarded to my mailbox.

So, if I order something online at say "DiscountElectricHut.com" (made-up for this example), I use the address DEH@mydomain.com or ElectricHut@mydomain.com. I get the confirmation email but if I get spammed, I can set it up so all mail to that address gets automatically deleted.

Posted by: Anonymous | October 3, 2006 11:19 AM

My e-mail service blocks all incoming e-mails that are not from people in my address book. These unsolicited junk e-mails go into a 'junk folder' which I scan, deleting the truly unwanted emails. I don't even open them because that can trigger an alert to the senders that it's a legitimate mailbox. No, I have never responded to the pleas for money to a deposed Nigerian prince, or the Viagra emails or the singles in my area emails. Use a little common sense, folks. Don't sign up for ANYTHING requiring money or your credit card number sent to some unseen and unknown gremlin out there in cyberspace.

Posted by: Southern Maryland | October 3, 2006 11:23 AM

I always use a graphic of my email address when I post my address on my own websites. But once a friend posted my email address on his website as text, and the flood gates opened.

Posted by: J from Bethesda | October 3, 2006 1:37 PM

But... I've already won the European lotto, the African Lotto, and the Scottish Lotto. I'm also heir to countless plane crash victims and assassinated people. Their lawyers all told me so! Surely someone wants to give me millions of dollars! LOL... Yeah, the CITI scam was funny too...

Posted by: Chris | October 3, 2006 1:55 PM

How ironic...a blog about spam gets SPAMMED! Thanks for your post, Che...NOT! Wish the Post.com would filter this user out. S/he has been abusing many of these forums for a while now, posting politically slanted garbage that has nothing to do with the post at hand. Grr...

Posted by: CyanSquirrel | October 3, 2006 3:42 PM

Spam comments removed.

Posted by: washingtonpost.com | October 3, 2006 4:09 PM

Thank you, editors :-)

Posted by: cyansquirrel | October 3, 2006 8:59 PM

This is a hilarious site about how some folks are fighting back:

http://www.419eater.com/

Posted by: TBG | October 4, 2006 7:21 AM

che needs to be deleted again...

Posted by: cb | October 4, 2006 7:36 AM

Received cashier's check from Scottish random lotto. Ever hear of it or is it just another scam? Check is from 5th/3rd bank, but I'm not sure I should cash it.
Let me know what you find on it. Thanks RJ

Posted by: RJ | November 8, 2006 5:12 PM

The comments to this entry are closed.

 
 
