Warning Flare

12 August 2011

When I'm required to provide a working e.mail address for a relationship with an institution, I usually creäte a new address, specific to my account with that institution. The address itself is typically that of a forwarder, and that forwarder is almost always to an address whose sole purpose is to receive the e.mails from these various forwarders.

One benefit of this arrangement is that, if I want to disconnect from that institution, I can delete the forwarder. But my real concern has been control of spam. If I receive spam, then from the address of the forwarder I can determine which institution provided my address to the spammers; and I can cut-off the spammers by deleting the forwarder.

This morning, I received three pieces of spam, each with the title UPS notification, each ostensibly from UPS, and each with a body

Dear customer.


The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.

Copyright © 1994-2011 United Parcel Service of America, Inc. All rights reserved.

(Anti-spam software on the mail-server removed any attachment.) Many of you will have got e.mail similar or identical to this; it's a trick that has been employed now for years.

But what is of particular interest is that each of these three messages came to the address that I'd provided exactly and only to Fred Flare .com. So Fred Flare has allowed some or all of my account information to be leaked to some party who tried then to hijack my computer.

Upon discovering the first two, I quickly tried to contact Fred Flare. My first attempt failed because their own filters prevent the delivery of attachments, and I'd attached copies of the spam. My second attempt therefore omitted these, which potentially compounds the problem for Flare.

In my case, I can just delete the forwarder once I'm done communicating with Fred Flare, but other, more trusting people provided their principal e.mail addresses. It would be no small task for Fred Flare to make it right for those people, but it is the responsibility of Fred Flare to do so.

Tags: ,

This entry was posted and is filed under commentary, ethics, information technology, personal, public. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to Warning Flare

  • Keith says:
    6 September 2011 at 05:57:05

    Hi Daniel,

    Thank you for contacting the Better Business Bureau and notifying us of this problem. I just emailed you at your forwarder email to tell you that we were investigating whether or not our ESP had been hacked but now that I've discovered this post I am arriving at the conclusion that the issue must be coming from UPS. UPS emails tracking of our orders to the email provided at time of purchase and since your spam details include UPS info I think this is a fair deduction. I will contact them as well and update you so you can 1) resolve the complaint you have with us and 2) open a new one with UPS. More soon! Thanks again.

    Reply
    • Daniel says:
      6 September 2011 at 12:33:37

      I contacted you on 12 August concerning this matter. I'm hearing from you on it for the first time on 6 September.

      As to the spam containing UPS info, some of it contains UPS references, but some of it contains references to the New York State Department of Motor Vehicles, and it's rather unlikely that you or UPS gave my address to them.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.