Saturday, August 08, 2020

Spam Sources

Spam is not limited to email anymore - those robocalls you receive, texts you get from someone you don't know?  Spam.  So how do these people get your email address, your number?

Each and every time you sign up for something online, each account you open, any sweepstakes you enter, you are giving permission for your information to be sold.  This is called "opt-in" and is usually the default for each and every one of those entries.  Make sure you read a vendor's Privacy Policy and confirm you have a way to "opt out" of any information sharing with third parties BEFORE clicking Join.  And if there is one, they usually do NOT make it easy to do.  See this article from Security Week to read more.

If you have a Facebook account, think about the information you have to provide about yourself before you can use it - name, gender, date of birth, email and/or mobile number.  Then think about the information Facebook is able to gather about you AND every friend in your network.   Every ad you click on, any personal information added to your profile, and ALL of your activity.  THEN consider any third party apps you've enabled, such as Candy Crush, Spotify or Uber.  All that data is capable of being sold to numerous agencies, which in turn start hounding you with emails, calls and texts to buy or try their product.   

Another method of sharing your information is by logging in or signing up with something other than your email account (also known as Single Sign On or SSO).  I do not see any privacy statement or terms of use indicated in either of these sign-ons. You are giving that app permission to access your Facebook, Yahoo and/or Google account.  If you have social media accounts such as Facebook, review your web app settings frequently and revoke access to those other accounts (see Data Weaponization).

Many apps make it so easy to just sign in with your Facebook account or your Google account.  Too easy to do without considering the consequences.

Of course, data breaches are also responsible for various spam and scams, but those types of communication are usually malicious in nature.  Your data is sold to the next buyer, who in turn crafts emails with malware links to attempt to further invade your privacy and take your money.  But how do you tell the difference?  My answer is to treat them ALL as malicious; mark as Junk, block the number, but do NOT respond.

Do NOT unsubscribe unless you are positive the link is legitimate.  From a NewCloud Blog:

Spammers hit millions of email addresses daily, but not all spammers know if the emails they spam are active email addresses. Just like marketers want to ensure they’re sending emails to valid email addresses, so do spammers. After all, the likelihood of someone clicking on a link in the spam email is higher if the email address is valid and active.  

If you do hit “unsubscribe”, spammers can validate that you’re an active user on that email account. Your email address just became a hot product for spammers of all types. In fact, hitting “unsubscribe” could actually result in 100’s of more spam emails to your inbox every day.  

Another possibility is that the unsubscribe link is corrupt and will download malware, ransomware or other viruses onto your computer. This can put you and your company at significant risk.
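
One way to look at an unsubscribe link without clicking it, as an added Python example (not from this post or the NewCloud blog): it lists the unsubscribe URLs in a message and the reasons each deserves a closer look. The sample message, its addresses and domains, and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qsl

# Constructed sample message; every address and domain here is made up.
SAMPLE = """\
From: Deals <news@shop.example>
To: alice@mail.example
Subject: Last chance
List-Unsubscribe: <https://trk.bulk-mailer.example/u?e=alice%40mail.example&c=7781>
Content-Type: text/plain

Click http://203.0.113.9/unsub?id=YWxpY2VAbWFpbC5leGFtcGxl to unsubscribe.
"""

def base_domain(host):
    # Assumption: naive "last two labels"; a real check would use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def audit_unsubscribe(raw):
    """Return [(url, [reasons])] for unsubscribe links in a single-part text message."""
    msg = message_from_string(raw)
    sender_dom = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    urls = re.findall(r"<(https?://[^>]+)>", msg.get("List-Unsubscribe", ""))
    # Body links are kept only if they look like unsubscribe links.
    urls += [u for u in re.findall(r"https?://[^\s<>\"]+", msg.get_payload())
             if "unsub" in u.lower()]
    findings = []
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        reasons = []
        if parts.scheme != "https":
            reasons.append("not-https")
        if re.fullmatch(r"[\d.]+", host):  # IPv4 literal instead of a domain name
            reasons.append("ip-literal-host")
        elif base_domain(host) != sender_dom:
            reasons.append("host-differs-from-sender")
        # A click on this URL tells the far end exactly which address is active.
        if any(rcpt == value.lower() for _, value in parse_qsl(parts.query)):
            reasons.append("recipient-address-in-url")
        findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in audit_unsubscribe(SAMPLE):
        print(url, "->", ", ".join(reasons) or "no flags")
```

These reasons are prompts for a closer look, not verdicts: legitimate bulk senders often use a mailing provider's domain and per-recipient links too, and a link with no flags is not proven safe.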