Posted by Mitch Mitchell on May 16, 2013
Before I get into this post, I’d like to mention that I was interviewed for the first time about my finance site, which was pretty cool. I also wrote one of my rare guest posts for Sonia of Logallot titled 7 Certainties Of Blogging That Prevent Boredom. Check those out if you’ve got the stomach for it.
Last September I wrote a white paper and put it up on my business website for potential clients to download. I decided I wanted to capture email addresses so I could follow up on some of the people who downloaded it. That turned out to be one of the biggest mistakes of my life, and I’m still paying for it. And I should have known better.
It worked pretty well initially, as more than 50 people downloaded it. Then suddenly I started to get a lot of returned email, only I hadn’t sent these emails out. It seemed that my business email address had been scrapped because of the script I used and was now sending spam email blasts out with my email address, though not from my IP; thank goodness!
Not only that, but these scammers have hacked into multiple people’s email accounts, though I haven’t been able to figure out which ones, because every email that comes back my way has a different person’s name on it, and every once in awhile when someone responds to it I can tell that they know the person by name.
I should have known better because this type of thing happened to me back in 2007 as well. At that time I created my newsletter page with a script so that people could give me their email address along with a message and also tell me which newsletter they wanted, as I was writing two at the time. Within months the same thing started happening, though not at the volume and length of time this one is. All I did then was remove the script and it stopped within a few weeks. This time around it’s been almost 8 months; help!
Actually, the official term is spoofing, and it seems there’s little I can do about it except hope it slows down at some point. One blessing is that, unlike years ago, my email address hasn’t been put on a blacklist. That’s because these days IP addresses are logged instead of email addresses, and none of them are coming from my IP.
Most of the time I delete the messages, but every once in awhile I download one and try to track down the IP address, though I know that’s fruitless. And I will download any emails where someone thinks they’re responding to their friend and tell them what’s going on, hoping that they’ll contact their friend and that they didn’t click on the link in the email.
What are the lessons to learn here? Check this out:
1. Find ways to verify any scripts you put on your websites. Maybe instead of just scraping your email address someone will figure out a way to get into your website or blog and hack it; it’s been done often.
2. Make sure that if you’ve got an email address on a site like AOL, Hotmail, Gmail, Yahoo, etc, that your password is strong. Don’t make it easy for scammers to find your stuff; use caps, numbers, symbols if allowed, and try to make your password at least more than 10 characters; I only have one that short.
3. If you ever receive an email from someone you know but there’s no signature file at the bottom of it, don’t open that bad boy. And if most emails you get from your friends don’t have signature files to begin with (shame on them), just look at the email and see if it resembles what you’d normally get from your friends. Some folks are just so trusting…
4. Make sure you have a good antivirus program running just in case you have a lapse of mental faith and decide to click on a link without thinking. Good software will prevent the virus or malware you just invited onto your computer from getting there.
So, feel sorry for me while taking precautions of your own; protect yourself, because there’s a lot of nefarious people out there.