Showing posts with label spam. Show all posts

Friday, November 16, 2012

Papa John's Spam Blast: Oops

"Papa John's faces $250 million spam lawsuit"
Olivia Smith, CNN Money (November 13, 2012)

"Popular U.S. pizza chain Papa John's faces a $250 million class-action lawsuit for blasting customers with illegal text messages.

"The plaintiffs allege that Papa John's (PZZA) franchises sent customers a total of 500,000 unwanted messages in early 2010. The spam texts offered deals for pizza, and some customers complained they were getting 15 or 16 texts in a row, even during the middle of the night, according to Donald Heyrich, an attorney representing the class.

" 'After I ordered from Papa John's, my telephone started beeping with text messages advertising pizza specials,' Erin Chutich, one of the plaintiffs, said in a statement. 'Papa John's never asked permission to send me text message advertisements.'

"The pizza franchises sent the text blasts through a mass text messaging service called OnTime4U, which is also a defendant in the case. When Papa John's was first sued in April 2010, the franchises allegedly ended their involvement with OnTime4U's text program...."

Somehow, somewhere, someone got the idea that pestering customers - in the middle of the night - was a good idea.

Or maybe it was a programming glitch.

The CNN Money article says that the Telephone Consumer Protection Act of 1991 requires wannabe spammers to wait until folks opt in to a text messaging spamfest.

Papa John's, OnTime4U, and probably a lot of other outfits, will be contributing to the welfare of lawyers for quite a while, in the Lemming's opinion.

Monday, February 6, 2012

Lemming Tracks: States Provide Voter Information (and email addresses - EEEEK!)

If you registered to vote in one of these states, and put your email address on the voter registration form, you'll probably be spammed:
  • Arkansas
  • California
  • Indiana
  • Iowa
  • Missouri
  • Oregon
  • New Jersey
  • Rhode Island
  • Wisconsin
    (FoxNews.com)
The government in these states decided to sell email addresses they'd collected during voter registration. Don't worry, though: they didn't sell to just anybody. Only the 'better' sort could buy your address.

States Sell Contact Lists: Legal, Yes; Smart, Dubious

"Move over robo-calls, states sell email addresses for campaigns to reach voters"
Kathleen Foster, FoxNews.com (February 6, 2011)

"If your email inbox starts overflowing with messages from political campaigns this election season, it could be because your state sold you out.

"A Fox News study has found 19 states plus the District of Columbia, now ask for an email address on voter registration cards. In nine of those states, email addresses from the cards are then sold to political parties, organizing groups, lawmakers and campaigns who can use them to send unsolicited emails.

"If it were a Viagra ad, it would be considered a crime in some states. But a political message, that's all perfectly legal.

"The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) law enacted in 2003 puts restrictions on commercial mass emailing, but not on political mass emailing. Politicians can 'spam' and do. Political messages of any kind, including electronic, are protected free speech under the First Amendment...."

Here's where it gets interesting.

On the one hand, folks who cooperatively gave their email addresses to (some) state governments will be getting a whole lot of more-or-less coherent campaign stuff in their inbox. Assuming that their spam filters don't deal with it first. That could be annoying.

On the other hand, these spam lists are fairly well-focused. The only folks affected are:
  • State residents
    • Who registered to vote
      • Presumably have some interest in who
        • Runs
        • Wins
    • Wanted to give their email address
  • Politicos and their ilk
    • Political
      • Parties
      • Organizing groups
      • Lawmakers
      • Campaigns
People who vote presumably want to know something about the candidates they'll support, and the issues they'll support or condemn. That's the idea, anyway: and that's another topic.

Voters could reasonably be expected to be interested in what politicos and their marketing people have to say. In a way, selling email lists is no more an 'invasion of privacy' than providing a list of names and addresses.

The difference is that it's a whole lot easier, faster, and cheaper, to email than to call or drop envelopes into the United States postal system. That can mean more efficient communication: or massive accumulations of drivel. So much depends on whether the folks sending emails have common sense.

What If the Government Wouldn't Share?

"...'Political communications are not spam. Political communications are a demonstration of free speech in America,' said Stuart Shapiro, president of iConstituent, a Washington, D.C.-based firm which uses state-generated email lists to send messages on behalf of clients on all sides of the political spectrum.

" 'There is a tenet in government that is based on communicating with our constituents, and email is one of the most effective ways to do it,' Shapiro said. 'People look forward to it and want it.'

" 'Politicians love the fact that their perceived freedom of speech is more important than voters' privacy,' said Shaun Dakin, president and CEO of The National Political Do Not Contact Registry, a non-profit voters' rights advocacy group based in Falls Church, Va...."

"Political communications are not spam" is true, to a point. Provided that the states sell lists to all political parties, and keep the cost low enough so that all but the best-funded are excluded. Then there's the potential for excluding parties and candidates who aren't sufficiently green, patriotic, or diverse.

"Privacy," and Getting a Grip

"...Like phone numbers, email addresses are not required to register to vote anywhere in the United States. Giving the information is optional, but that may not be clear to the average voter.

" 'I think this is really one of those untold stories. It's all going on behind the scenes,' said Kim Alexander, president of The California Voter Foundation, a nonprofit organization which produced the study 'Voter Privacy in the Digital Age.'..."

Since the Lemming lives in a small town, "privacy" in the sense of anonymity isn't a factor. Like the old gag says, 'if you can't remember where you were today, ask someone: they'll know.' The Lemming loves it here: but folks who want to be part of a faceless crowd probably wouldn't like it. And that's yet another topic.

A key point here is that states aren't demanding email addresses as a voting requirement. That, in the Lemming's opinion, would be as bad an idea as the old pre-civil-rights voter registration requirements that kept the 'wrong sort' away from elections.

And 'not clear to the average voter?' The Lemming suspects that The Masses are nowhere near as stupid, ignorant, or irresponsible, as the establishment believes we are. Yet more topics.

These states ask for email addresses on voter registration forms:
  • Arizona
  • Arkansas
  • California
  • Colorado
  • District of Columbia
  • Delaware
  • Indiana
  • Iowa
  • Maryland
  • Minnesota
  • Missouri
  • Nebraska
  • New Jersey
  • Oregon
  • Rhode Island
  • Tennessee
  • Virginia
  • Washington
  • Wisconsin
  • Wyoming
    (FoxNews.com)

Opting Out/Confirming and Common Sense

"...Receivers of political emails do have the right to opt-out from lists -- they just can't do it in one click. Instead, they must do it with every email they receive, clicking on an "unsubscribe" link, if the email has one or by replying to the sender with 'Remove Me' request.

"Shapiro says few people actually do this.

" 'iConstituent, last year, probably mailed more than a billion email records out throughout all of America for Congress for various other legislators and we have a very, very low unsubscribe rate. It is well under one-tenth of 1 percent.'..."

It's interesting that under 0.1% of folks respond to those "unsubscribe" notices. It may mean that folks on the voter email lists like getting the messages. Or it may mean that they've learned not to respond to such things.

It wasn't all that long ago that the Lemming learned by experience to ignore and delete unwanted email. That was when some outfits were collecting lists of working email addresses by sending to all more-or-less likely possible combinations of name ("local") and domain. Folks who clicked on the 'unsubscribe' link, or sent a 'don't bother me' email back, had confirmed that the email address was in use. And that whoever used it read their email. Spam by the bucket would follow.

Ah, the 'good old days.' Yet again more topics.

Wednesday, April 6, 2011

Lemming Tracks: Epsilon Breach, Spam, and Getting a Grip

First, the good news: This could have been worse.

Now, the bad news: Lots of folks may see lots more spam.

What Happened

Quite a few American companies use the same marketing service to handle their lists of customers who don't mind getting emailed advertising.

That means that folks who make online purchases, or use software/services like Intuit's TurboTax, could get email from some crook who wants access to their online identity.

So, as usual: If you get an email saying it's from Intuit - or any other company - that says your safety relies on clicking a link and giving your account numbers, passwords, name, physical address, date of birth, or any other personal information - - - don't.

The Lemming's Advice: Don't be Daft

While the Lemming is handing out useful advice: drinking gasoline isn't good for you, either. Which reminds the Lemming of stupid warning labels - and that's another topic.

They Know EVERYTHING?! - Actually, Not

So, who's affected, and how? Here's what the Lemming's found, along with what the hackers know - and what they don't.
  • Target
    • Names, no
    • Financial information, no
    • email addresses, yes
  • Marriott
    • names, yes
    • Financial information, no
    • email addresses, yes
  • Hilton Hotels
    • Names, yes
    • Financial information, no
    • email addresses, yes
Others:
  • JPMorgan Chase & Co
  • Citigroup
  • Capital One
  • Kroger (supermarkets)
  • Walgreen
  • Best Buy
  • TiVo
Is that a comprehensive list? Most likely not: The Lemming didn't spend all that much time, researching this article. More advice from the Lemming: If you're concerned, check with the companies you do business with online. But right now, it looks like more spam is the biggest problem most of us will have.

Epsilon and the companies they served? That's partly why the Lemming isn't sorry to have missed the 'success' career track. Intentionally. Sorting this mess out is going to be a major headache. In the Lemming's opinion.

And Now, the News - and Views

"Tax prep maker warns customers of Epsilon email hack impact"
Gregg Keizer, Computerworld (April 6, 2011)

"Intuit on Tuesday warned its customers to be on alert for identity theft scams after a breach at a major marketing firm put millions of email addresses in hackers' hands.

"Although the maker of the popular TurboTax tax preparation program and the Quicken personal financial software was not among the more than 50 companies whose customer data was stolen, it cautioned users nonetheless.

" 'Intuit is not an Epsilon customer so the information you have entrusted with Intuit is not affected,' the company said in an alert published Tuesday on its site. 'However, Epsilon serves many large organizations including banks, insurance companies and retailers [and] you may have received one or more notices from companies you do business with who are clients of Epsilon.'

"Irving, Texas-based Epsilon Interactive acknowledged last week that attackers made off with customer email addresses and names, but the company has not shared much more information than that....

"...The popularity of tax-related cons may have prompted Intuit's move, said Ed Cohen, vice president of corporate development at SonicWall, a San Jose-based network security company.

"It's certainly the right time of the year for tax scams.

" 'There's actually little correlation between the volume [of tax-oriented schemes] and April 15,' said Cohen, talking about the traditional tax-filing deadline in the U.S. 'We actually see more of an uptick after the 15th, in the May or June time frame, with fake refund notifications....

"...The Internal Revenue Service regularly warns U.S. taxpayers about those and other scams....

"...'The economics are such that they need only a very, very small percentage of people to fall for a phishing attack to make money,' Cohen said.

"And that's not hard: According to data from SonicWall's online phishing quiz, people incorrectly identify fake and legitimate emails 22% of the time.

"Another possibility is that hackers will use a combination of the Epsilon addresses and tax refund scams to try to break into corporate networks....

"...That's how hackers beat the defenses of RSA Security last month, when an RSA employee opened an infected email attachment.

" 'The [fake] messages from the IRS or a bank may not even have money as their direct objective,' said Cohen. 'In the RSA attack, what they really wanted was corporate access. The attackers got through because an employee 'unjunked' an email and opened an attachment, which planted malware.'

"A message claiming that the recipient has a larger-than-expected refund coming would make a perfect vehicle for attacks based on the RSA model, Cohen argued.

" 'They're not always after bank info,' he said. 'These are smart guys. Whether it's tax-related or not, we'll be seeing the Epsilon email addresses being used.' "

That's a longer excerpt than the Lemming generally posts: but there's pretty good information there. And more in the original article.

Bottom line, in the Lemming's opinion? Learn about phishing and how to avoid it; be wary of email that wants you to click a link and/or open an attachment - and check the URLs and email addresses. The Lemming's no expert - but that's a start.

"Massive Security Breach Adds Target, Marriott to Growing List"
Reuters, via FoxNews.com (April 5, 2011)

"More U.S. companies, including Target and Marriott International came forward to tell their customers that their names and email addresses had been exposed in a massive online data breach.

"Last week, a computer hacker penetrated the online markeeter[!] Epsilon, which controls the customer email databases for a broad swath of companies, from Citigroup to Walgreen.

"In what could be one of the biggest such breaches in U.S. history, companies from banks and retailers to student-testing organizations have warned customers that some of their electronic information had been compromised.

"The disclosures continued on Monday, as Epsilon indicated that the breach had hit about 50 companies in all. Discount retailer Target and hotel chains Marriott and Blackstone Group LP's Hilton Hotels informed their customers that their names or email addresses had been part of the data breach.

"Epsilon, an online marketing unit of Alliance Data Systems, sends more than 40 billion email ads and offers annually, usually to people who register for a company's website or who give their email addresses while shopping.

"Security experts said the massive data breach should only put customers at risk if they respond to camouflaged emails seeking their credit card and other financial information...."

This is where the Lemming found information for that list of affected firms. There's a link to the original Reuters article at the end of this post - but the FoxNews.com piece is pretty much the same, with a bit extra.

Again, this seems to be another of those common-sense 'don't be daft' situations for consumers.

What, No Rant?

The Lemming is of the opinion that Epsilon shouldn't have let their customers' data get hacked. Which, unless Epsilon fixes whatever went wrong - and convinces the companies they do business with that they've done so - is going to be bad for Epsilon.

Target and all are going to have problems, too, in the Lemming's opinion. There's the expense of dealing with a non-routine situation, bad publicity, and possibly fewer customers.

Folks at the Lemming's end of things will be affected, too, sometimes. No 'savvier-than-thou' stuff is coming: although the Lemming is a bit more online-smart than many, this household's systems have had a few problems with malware getting in. It can happen. 'The Lemming's only human?!'

The closest the Lemming will get to a rant is this: If you get an email that says "Valved customer I are concerning you confidential tax farms not safety. Be please to Czech full passwords and other things kink here" - - - don't click on that link. Or Czech that whoever is at the other end has your data.

If they didn't before you clicked the link - they may after you do.


Tuesday, September 21, 2010

Twitter Bug or XSS Attack: Seems to have Gotten Fixed

"Twitter under attack by 'mouseover bug' "
Yahoo! News (September 21, 2010)

"Twitter came under attack on Tuesday as hackers exploited a security flaw to wreak havoc on the microblogging service.

"Computer security firms said thousands of users, or more, were affected by the bug, which appears to send out or 're-tweet' messages simply by rolling over an infected link with the computer mouse.

"Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over one million followers on Twitter, and White House press secretary Robert Gibbs.

" 'My Twitter went haywire - absolutely no clue why it sent that message or even what it is... paging the tech guys,' Gibbs wrote on @presssec.

"Twitter said it had identified the attack and was working on a solution...."

Here's what the Lemming read on the Twitter website.

"XSS attack identified and patched. 1 hour ago

"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

"We expect the patch to be fully rolled out shortly and will update again when it is.

"Update (6:50 PDT, 13:50 UTC): The exploit is fully patched."

In the meantime, the Lemming will be careful about rolling over links in Tweets. Particularly blank ones.

Back to the Yahoo! article:

"...Cluley said the bug was allowing messages to pop-up and third-party websites to open in a Web browser including links to pornography sites.

"He said that in Sarah Brown's case her 'Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan.'..."

The "bug" sounds more like malware to the Lemming, but - well, as I've explained before, I'm "apathetic" only in a certain sense of the term.

Tuesday, February 16, 2010

Lemming Tracks: Comments and Spam

Yesterday, the Lemming found one too many come-ons for Chinese-language porn sites.

Since I started blogging, I've had a policy of not moderating comments. I liked the way it kept posts up-to-date, and figured you didn't mind seeing what you'd said under the post as soon as possible.

Yesterday, that changed. Sorry, but I'm moderating comments from now on: except for one or two blogs where I think it's important to demonstrate that I'm not 'censoring' ideas that conflict with mine. I'm still thinking about those. Not the censoring - I've gotten some of my best material from people who think I'm a poo-poo head - the moderation.

Watch Your Language

This blog is in English. Although I'm more-or-less familiar with several languages, I'd appreciate it if you write your comments in English. It's the only language that you can be certain the readers of this blog understand.

That's one reason I started moderating, by the way. The most common language for a comment from a porn service was Chinese, with Japanese running a distant second. I do not track individual viewers of this blog (who has that kind of time?), but I do look at the usage logs. Quite a few visitors here almost certainly understand Chinese and/or Japanese.

What to many Westerners would be a set of attractive abstract shapes would, for those visitors, be a laundry list of obscenities. I can't be sure, but my guess is that many of the folks from east Asia are not into that sort of thing.

Anyway, the Lemming thought you might want to know what happened to the 'instant' comments.

Sorry about that, but [expletive deleted] happens.

I checked, by the way, and the system for letting me know that there's a comment to make works. I'm looking forward to your 'real' comments.

Monday, March 2, 2009

Best-Case Scenario: Phishing

Something new in my email today: a "Confirmation of ticket purchase at www.delta.com" - with a zip attachment. No, I didn't open the attachment.

I did, however, immediately check with my credit card provider - and "I" haven't bought any airline tickets.

My guess is that I'm looking at an attempt at phishing. Or, maybe just an effort to get malware into my computer. And, that whoever's doing this is technically proficient and clueless about the English language.

The email message was a mix of clever deception, and odd errors.
  • "support [at] delta.com" was the sender's listed address.
    • delta.com is, in fact, a domain registered by Delta Airlines
  • "Booking number: DEVKAM"
    • Granted, there are around 240,000,000 possible combinations of 6 letters (if I did my math right). That's still a pretty small number for a unique booking ID
    • But, what do I know?
  • Odd vocabulary
    • "daily press" might be used as a rather la-dee-da term for "today's paper"
    • "You are guaranteed top-quality services and attention on the part of our benevolent personnel." is not something written by a person familiar with American English.

My Guess: Someone's Spoofing the Delta.com Domain

Purchasing an airline ticket is so far out of my way of life, that even a perfectly-written message would have been suspect. I can see someone who travels frequently, or who really wants to, opening that attachment.

I don't think that would be a good idea. At all.

Update (March 4, 2009)
Thanks, Patrick, for your comment. I'm taking the liberty of repeating the first part here:

"Note: the attachment is a self-extracting executable zip file. Don't forget that .zip is always potentially .exe..."
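
The point in that comment, that a file named .zip can really be an executable, can be checked from the attachment's bytes instead of its name. The Python below is an added example, not part of the original post or the comment; the file names, sample attachments and extension list are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types Windows runs on double-click (illustrative list, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def risky_members(data: bytes) -> list:
    """Return archive member names whose final extension is directly runnable."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return [
            name for name in archive.namelist()
            if PurePosixPath(name).suffix.lower() in RISKY_EXTENSIONS
        ]


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment by its content, not by the name the sender chose."""
    claims_zip = filename.lower().endswith(".zip")
    is_pe = data[:2] == b"MZ"  # DOS/PE executable header
    # is_zipfile() looks for the zip directory at the end of the file, so it
    # still answers True when an executable stub sits in front of the archive.
    has_zip = zipfile.is_zipfile(io.BytesIO(data))

    if is_pe and has_zip:
        kind = "self-extracting archive (executable stub + zip payload)"
    elif is_pe:
        kind = "executable"
    elif has_zip:
        kind = "zip archive"
    else:
        kind = "unknown"

    members = risky_members(data) if has_zip else []
    return {
        "kind": kind,
        "name_mismatch": claims_zip and is_pe,   # says .zip, starts like a program
        "risky_members": members,                # e.g. "receipt.doc.exe" inside
        "quarantine": is_pe or bool(members),
    }


def build_zip(members: dict) -> bytes:
    """Build an in-memory zip for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples; none of these bytes come from the real message.
PLAIN_ZIP = build_zip({"itinerary.txt": b"constructed sample"})
DISGUISED_ZIP = build_zip(
    {"PASSENGER ITINERARY RECEIPT.doc.exe": b"constructed placeholder, not a program"}
)
FAKE_SFX = b"MZ" + b"\x00" * 62 + PLAIN_ZIP  # "MZ" stub bytes followed by a zip

if __name__ == "__main__":
    samples = {"plain": PLAIN_ZIP, "disguised": DISGUISED_ZIP, "sfx": FAKE_SFX}
    for label, blob in samples.items():
        print(label, triage_attachment("e-ticket.zip", blob))
```
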

The Message from "Delta:"

Redacted a bit.

Subject: A Confirmation of ticket purchase at www.delta.com
From: "Delta Air Lines"
Date: Mon, Mar 02, 2009 5:57 am
To: <[email address redacted]>

Thanks for the purchase!

Booking number: DEVKAM

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.
It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

On board you will be offered:
- beverages;
- food;
- daily press.
You are guaranteed top-quality services and attention on the part of our benevolent personnel.

We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport. It will help you to pass control and registration procedures faster.

See you on board!
Best regards,

Delta Air Lines

Saturday, February 2, 2008

A Moderately Geekish Way to Dodge Spam

"how to make the internet not suck (as much) - 0.0.0.0 version"

This looks like it might be useful. Following the (somewhat technical) instructions, should block access to unwanted material, including malicious e-card sites from 123greetings.com to www.laugh-mail.net, and spam sites from 10pg.scl5fyd.info to zyrtec.4.p2l.info.

Thursday, September 27, 2007

Stop Abuse of Innocent Bloggers?


Here's something that's a change from the usual 'stop the abuse' pleas:

"Fight Spam not Blogs / 11 Reasons against nofollow" - this is a thoughtful post.

Sunday, September 2, 2007

Never Heard of Quechup? Lucky You!

"Spam alert! Just say no to Quechup" explains what Quechup is, and why you shouldn't sign up for the service.

It looks like good advice. I did a quick search, and found "spam" and "sting" repeated in reference to the service.

Friday, August 10, 2007

Another Descendant of the Chain Letter? "Millionaire For A Day!"

Despite the title, I haven't made up my mind whether this sort of post is a full-fledged descendant of the chain letter, or not.

My guess is that this is regarded as a way of increasing traffic. I may discuss that in another post.

This post seems harmless enough. No money was requested, or other item of value. And the question appealed to me.

I'll get to the fun part in a minute. The only big issues I see about posts like this are that
  • They place an additional strain on the Internet's capacity to handle traffic, without adding very much in meaningful communication
  • Links in these posts are not relevant, since they do not serve to connect the page to another page with related content.
I'm not going to take a side on either one of them.

The fun part:

In the extremely unlikely event that I had a million dollars (and, assuming I received it), I'd: give 10% off the top to charity; find out how big a piece of the action the IRS wants, and what it would take to clear family debts; set up a live-off-the-interest fund; and stop worrying about how I'm going to support my family.

Okay, there'd probably be some significant upgrades to my computer, and maybe a flatscreen television in the mix, too.

Here's what a friend of mine at BlogCatalog.com asked me to participate in. I can't stop you from copying it and continuing the chain, but I won't insist on it, either.

Instructions: ***Start Copy***

Proposition: If you Have $1,000,000.00…………………………
Requirements: continue above sentences
Tag Mode: 5 bloggers
Link: Add your anchor and post link below.

What They Do With Their $1 Million

1. SYH will spend for Family
2. Miche will give to the needy
3. Montessorimum will keepsake
4. Lovely Mummy will spend & save
5. MummyInVain will fully utilise
6. Babyfiona will buy house and open business
7. MonkeyWong will go for a long vacation
8. Emila Yusof will realise her dream
9. Mariuca will open a Perfume Gallery
10. Hin will blog to donate for charity
11. Norski will Tithe 10% off the top

Instructions: ***End Copy ***

A few technical notes: I stripped a great deal of formatting out of this list, so that it would display legibly in this blog.