Spam using my full name? Security hole?
Anders H
Gmail username - but my complete name! My questions is where did this
spammer get my name from? I never use it myself, except for my Gmail
account details. Usually I go by a shorter version of my name so this
could really only be from Google. I receive plenty of spam with my
username somewhere in the message - that´s not what I am looking at
here. Is this a Google Mail security issue? Or is it that easy for
spammers to get my details - without me even having replied, visited or
clicked their message?
F. H. K. A
That does not sound like good news! I hope it will not Google's
security issue. It seems that you put or wrote your name somewhere
while filling information for example. As far as I know is that these
companies where you put your name (but you are saying you never use it)
send emails back to you. I would try to see if you ever did that. I am
not sure how does this work exactly but I did my best explaining.
Herchu
It's hard to tell. I don't think this is due to a security hole in
GMail but
a clever way spammers use to get and relate personal information.
For instance, they have software that can relate the email sender with
his/her signature data. Also, think about mailing-lists, a web page
form
you've completed, blog info, a company's promotion coupon, a neglected
friend of a friend of friend of yours that forwarded a personal email,
etc.
While living in a North America or European country helps, it takes a
lot of
effort in our digitalized society to hide our personal data from the
rest of
the world.
Anders H
> a clever way spammers use to get and relate personal information.
> For instance, they have software that can relate the email sender with
I was expecting a few replies that would go down this path. Like I said
I am not talking about spam where they simply inserted my Gmail
username into a greeting, out of several thousands a month this one
message contained my complete name. I am very careful with my
information and I frequently use pseudonyms to protect myself. I never,
ever, use my full name because it contains Scandinavian characters
(æøå) and because it is quite long with several given and family
names etc. That is why this message got my attention - except for my
bank and the government I never use my full name - so this spam message
stood out in the crowd! Not even close friends know all my names :)
> While living in a North America or European country helps, it takes a
> lot of effort in our digitalized society to hide our personal data from the rest of the world.
I do live in a European country and 99,999% of my spam is from the US
:) If only I could create a custom Gmail filter where [English
content]=Spam.
Julie
Or perhaps from an ancestry tracing site. I notice that Anders Halden is prominent in several Norwegian Ancestry lines
Nick Chirchirillo
Anders H
> It is perhaps unlikely, but maybe they found your full name from an online
> telephone directory. Often such directorys have email address too.
>
> Or perhaps from an ancestry tracing site. I notice that Anders Halden is
> prominent in several Norwegian Ancestry lines
Indeed that part of my name is not hard to find... Except my names is
quite a bit longer than that. And that name does not appear in any
directory.
Anders H
> It also seems that your email address is in fact your full name. It
> probably wasn't too hard for a spammer to put the pieces together and get
> your name.
Just to make my point perfectly clear: No, my email address is only
PART of my full name. I also said that my full name includes
Scandinavian characters, these cannot be included in email addresses.
Like I said I am not surprised when I receive spam that uses my Gmail
username. From what I have read lately it probably involves some
exploit like this:
http://jeremiahgrossman.blogspot.com/2006/01/advanced-web-attack-techniques-using.html
Herchu
> > probably wasn't too hard for a spammer to put the pieces together and get
>
> PART of my full name. I also said that my full name includes
> Scandinavian characters, these cannot be included in email addresses.
> Like I said I am not surprised when I receive spam that uses my Gmail
> username. From what I have read lately it probably involves some
Could be.
The security hole allow to retrieve your contact list *not* your
account data.
Does *your* full name appear in *your* contact list?
If it doesn't, then the exploit could be done on a friend/relative of
yours
that also uses gmail, who have added your email address along with your
full name in his/her contact list.
-H.
Herchu
Could be. Notice however, that the exploit is over the contact
list *not* the account details.
Do you have *yourself* listed with *your* fullname in *your*
contact list? If you don't, another chance could be that one
of your friends or relatives (a gmail user too) has you
listed with your full name and the exploit was done over
him.
Anyway, we are speculating here.
Again, in my own opinion, I fear other institutions more
than Google. For instance, Carrefour (and I'm not blaming
then it's just an example) has my email, my address
(for delivery), my consumer profile, my full name,
not to mention credit card data. Also, my phone number
is public through the white pages. There are software
and digital directories for sale that allows anybody to
do reverse lookup on phone numbers.
Spammers or, actually, marketing people are experts in
solving the personal data puzzle. After they exploit
the solution they sell it.
Had I got a dog, spammers could even know its name if
they manage to get the customer listing of my local vet.
-H.