The real problem with this is the difficulty that police forces have in combating this scam, and many others like it. In all coverage of this sort of thing, we have local police forces saying that they have difficulty solving these sorts of crimes. The difficulty arises because the criminals are often offshore and they use the Internet to place calls. The more clever ones prey on the most vulnerable by faking Caller-ID strings to make people think a neighbour is calling.
It’s beyond me why someone doesn’t ask where this money is going and what its being used for. It’s easy to say that the calls appear to be coming from India, but the few times I’ve been able to pry information from scam calls like this, they’ve been in Pakistan. Northern Pakistan. Granted, I’m about to engage in “geographic profiling”, but it seems to me that if scammers are calling from a location that’s controlled by groups we consider to be terrorist threats, it might be reasonable to conclude that the money is going to fund terrorist activity. Is that a big leap?
The scammer in the CBC article says that they take $10,000 per day from vulnerable Canadians. It also shows that they’re extracting money in small amounts. Four prepaid Visa cards to pay off a thousand dollars. That’s going to fly right under the financial monitoring systems designed to track money laundering.
But doesn’t sending $3.5 million a year to a potential terrorist organization sound like something someone should be paying attention to? Why isn’t our impressive communications surveillance infrastructure being used to trace the VOIP packets used to make these calls back to their source? Why aren’t our voice recognition systems set to flag the obvious keywords used in a scam like this? Can we at least disrupt these sorts of communications?
Local police forces are incapable of battling this kind of criminal activity, simply because they don’t have the tools or skills available. Action needs to be taken at the federal level.
Honestly I thought the whole affiliate spam thing died a well deserved death a decade ago, at least for any business that considers itself reputable. Hell even Vistaprint has cleaned their act up in this area.
But no, today I got a message to one of my role accounts (role accounts are things like sales@, support@, accounting@ and so on). As regular readers can probably guess the role accounts I use aren’t particularly easy to guess, but at the same time they’re for use by actual people, so they don’t have the same random characters I use for tracking addresses. Someone could have picked this address up from a variety of places.
The bottom of the email contains this text:
You are receiving this email because you subscribed to HostGator promotional newsletters. 5005 Mitchelldale Suite #100, Houston TX 77092 USA +1 (866) 964-2867
This is followed by a link with the label “Unsubscribe”. Here’s when the bullshit starts: it’s not an unsubscribe link. It’s an affiliate link. Here’s the target (with the affiliate ID obscured to stop the asshole in question from getting any traffic).
Now check the mail headers, and sure enough the DNS tracks back to members.linode.com, which is most certainly not HostGator. So I’ve opened a ticket with HostGator, and sent them a full copy of the message, which will give them enough information to find the asshole. It’s my hope they’ll be terminating the affiliate account without paying out a cent.
If I hear back, I’ll post an update.
That was quick, about 90 minutes later I got this message:
Thank you for contacting us with your concerns. We are taking the necessary steps to remove this affiliate from our program as this is a violation of our TOS. Thank you for bringing this to our attention.
We’re all used to getting spammed by fly by night businesses, all promising to solve some problem you might not even have, like getting to the top of Google. Most of us would enjoy the opportunity to physically assault (ok, at least verbally) the perpetrators of this garbage, so it’s not often that you see a legitimate business engage in this sort of thing.
Hey There!! Guess what day it is??? Happy Hump Day!!! 🙂
J here, “Badass In Charge” @Badass Programmers in California..
Badasses don’t send salesy emails, so I’ll be brief and say that I simply wanted to introduce myself and our Web & mobile app development team at Digital Brand Group (DBG)… Our group recently launched a special services division called “Badass Programmers.”
Our team is made up of some of the BEST Web & mobile talent you will ever work with, and we’re currently accepting new projects ¨C free beer included! 🙂
If you have any Web / mobile development, UI / UX design needs, or other design / programming related projects brewing, I would LOVE to schedule a call with you to discuss further!
Are you available for a call anytime this week or next?
Please let me know and thank you so much for your time!
P.S. You received this email because I thought you would find value in our team, but if you could care less, feel free to unsubscribe here.
Now I was thinking, “hey they’re all badass programmers, so maybe they just missed the whole ‘don’t buy some cr*p list from a shady broker'” thing. The email they spammed is the reply address from one of my systems. It doesn’t send mail unless you interact with it. Looks like one of our customers got his address list harvested and here it is, on some cheap broker’s list. but wait, these guys are a “special services division” of Digital Brand Group. You’d figure a “digital brand group” would have half a clue when it comes to marketing, right? What gives?
Let’s start with DBG, who have “offices” in Newport Beach and Trivandrum, India. Their website says that “DBG architects, designs, and develops custom Web and mobile applications with an international team renowned for delivering value through forward thinking and technology innovation” this clearly explains why they needed to spin off a services group to develop mobile applications. Or not.
Then we have “J”, “Badass in Charge”. Well, the email comes form “Jamon” and the person in charge at Badass, or at least DBG, seems to be Jeremiah Jacks, so I’m thinking someone was stoned out of their tree and really this email is from “Ja mon”. Anyway, it’s so nice that the guy writing this warm, friendly introduction letter doesn’t have the balls or integrity to sign his (or her) real name.
Now clever J doesn’t want to send a “salesy” message, as he goes on to see if he can book a sales call. Duh. Pro tip J: don’t ever try copywriting as a career. Also, turn your spell checker on.
Now we have several clever lines of “¡¡” presumably so that we won’t scroll down to find out who this ass really is. There’s the deflect in the postscript: “You received this email because I thought you would find value in our team…” No. Really, I received this email because you are frigging desperate for work, you’ve clearly burned all your referral business, and you’re resorting to a rebrand and spam campaign in order to desperately try to save your sorry ass before the receiver shows up.
And then the final tell, the thing that lets you know that “J” really does know he’s desperately shotgun spamming to get business: that unsubscribe link goes to a weird port on ironchampusa.ru. Yup, his unsubscribe link is on a Russian domain. Nothing quite says “legitimate email” like that!
The way an organization deals with email marketing, says more about their ethics and/or desperation than almost anything else. Badass Programmers has made their ethical position pretty clear (they’re also @BadassDeveloper on Twitter — because brand consistency matters). Whatever they call themselves… run away.
I’m getting really tired of online petitions that act like omnibus bills. The title says “Stop X” and I happen to think “Stop X” is a darn fine idea, but then you get to the actual text and it’s “Stop X, Build more Y, Change Z, and unionize everyone”.
That’s one less signature for “Stop X”, right there. We hate it when legislators pull this crap, maybe you should consider not doing the same thing in your petitions. Stick to a single issue.
Now that domain registrars have made another ludicrous cash grab by charging for domain privacy services, people are opting out of privacy protection. Well, the scum of the Earth is waiting to victimize unsuspecting new registrants:
Domain Name: [redacted] (Account #nnnnn)
This email is being sent out to you because search registration for [redacted] is pending.
Please register these domains to search engines like Google, Bing and Yahoo ASAP to avoid late fees.
Registering for search engines would help you show up in search results and increase your online presence.
You can register your domain at: [link]
We sincerely appreciate your business! If you require anything, we are at your service.
Remember… If you do not register your domain with the search engines, it may not appear in the search engine listing when people are looking for you. Failure to complete your domain name search engine registration by the expiration date may make it difficult for your customers to locate you on the web. Complete your search engine registration today at: www.searchregistry.org
Search Engine Registry 1787 Pennsylvania Ave NW, Suite 1025 Washington DC, 20006
But never fear. For acting quickly, not only will you avoid late fees (???), but you get a HUGE discount. Yes, now you can pay just $100 for nothing!
Two things to learn from this one, the first is a pretty common theme: a lot of people who start crowdfunding projects haven’t bothered to do the slightest bit of research on their market space. The second is that picking a brand should involve more effort than just looking for a domain name that hasn’t been registered.
If you have comments, please make them on YouTube. Thanks!
New visitors may not know that I’ve spent a lot of time over the past decade or so working with open source content management systems. That’s why I found this project sufficiently irritating to cover in a What The Fund episode.
If you have comments, please make them on YouTube. Thanks!