The Spam Update

Gosh – it is amazing how time flies. Back in November 2016 I posted a  blog on avoiding spam. How about an update? Did what I predict work or not?

One of the key things I suggested was to set up multiple e-mail accounts and delegate their use based on risk. The e-mail you use with your bank and stock broker should not be the same e-mail you use when you visit a website to join a bird-watching club. Once a hacker compromises a low-security site, they will have your e-mail address at hand and will have one more avenue to explore to gain access to more vital information.  

I set up e-mail addresses based on the following criteria.

•  Highly restricted – used only at the highest level of security such as my bank.
• An address dedicated to friends and family
• Another set up for non-profits with which I am associated
• Finally, an address assigned to all those impulsive Internet experiences. This is the least secured.

After almost two years, how did it go? Which type of e-mails were most prone to spam activity?

The good news is that the highly restricted address has remained rock solid.

The highest spam activity was, not surprisingly, non-profits. You would think the “impulsive Internet” address would be most spam-vulnerable. It was at times and I’ll explain more of that later. But the non-profits are vulnerable for one important reason – cc’d messages. Ever notice how your membership in the local bird-watching club ends up with messages being passed around to twenty people, who judiciously “Reply All” for such answers as “Yes” and “Can’t make it?” So, all it takes is for one of those twenty recipients to have their system compromised and your e-mail address is now a target. The non-profit e-mail address has declined recently to only four or five spam messages per day, but at one time it was as high as sixteen messages a day (most, fortunately, spam filtered). Tests showed that clicking “Unsubscribe” was pointless.

The “Internet” e-mail address is the one I use whenever I encounter those sites that require an e-mail address to allow you access to information. This address is vulnerable because of the nature of the websites’ business. I have observed only two major vulnerabilities here. First, job sites. Now CareerBuilder is a legit site. But I can’t speak for the thousands of “recruiters” it has that are of questionable integrity. As soon as I posted my job experience along with that e-mail address, I was within two weeks hit with a high volume of inquiries from recruiters that had obviously taken little or no time reviewing my resume. After about a year, I still get a trickle of unwanted requests.  I switched my resume to “private” at the site, which has reduced the solicitations further.

A more recent source of spam, however, is rather disturbing. This was generated through the stock brokerage service. I was researching a particular stock and wanted to see why a particular publication called for a Neutral position. I clicked on it and, not surprisingly, you are given an opportunity for a free 30-day trial to an analyst publication. Smelling a rat, I gave them my low-security e-mail address. After that I checked the box to NOT have third-parties solicit my account. Guess what? I think it is currently at 12 hits a day and that is after I clicked “Unsubscribe” to the publication’s messages. Sad commentary for a stock brokerage site to have a bumpkin publisher spamming it’s customers.

What about friends and family? Aren’t they just as vulnerable as any pool of members of the Internet community? Yes – they are. But I almost never send group messages to friends and family members. These are personal messages. So the risk of exposure is considerably lower.

In conclusion, I have very little, if any, spam traffic for high-security or highly personal e-mail – which are the messages that matter most to us. Definitely recommend you set up additional accounts for community organizations and routine low-security Internet activity.