Today, I had an email from a website called *****. I think they are an
Indian dating agency. There was a message saying that a friend of mine (his
name was included in the message) wanted to share photos with me. There was a
box to press. I right-clicked and copied the URL, closed down my Outlook, and
opened my browser and pasted the URL into the address bar. When the website
came up, I realized it was a con and closed the browser down. Later today, I
had another email from ***** congratulating me on becoming a member with my
email address and password highlighted. My question is: In your opinion,
would they/could they have opened an account using my email address, even
though I didn’t open the email in my Outlook? Or are they hoping that I will enter
the site using those details (if only to delete the account) and that in some
way, will verify the details and put me in more trouble? Any observations
are appreciated, if you have time.
Well, I’ll put it this way: you’ve probably already opened and verified
your account with *****.
I’ll explain how that happened and what steps you should take next.
]]>
A click is a click is a click
I want to start by clearing something up.
Copying the link out of your email program, closing your email program, and then pasting the link into your browser didn’t do anything to increase your security. You might as well have clicked the link in the email, which would have done pretty close to the same thing.
It’s the link that’s the problem and the fact that you went to it at all. Where or how you do so in a case like this is pretty immaterial.
“Don’t click links that you aren’t certain about in email” really means don’t use those links at all, in any way.
How it probably worked
It is really a fairly simple thing for spammers – or social media sites or Indian dating sites or just about any site for that matter – to do. While this example is completely and totally made up, it’s not that far from what can really happen.
They start by collecting your email address. Perhaps a friend told them in order to invite you to this service. Perhaps they simply collected the email address from less legitimate sources. Perhaps they just guessed.
Then, they put that email address into a database and assigned it a number. That number’s important.
you@anexampleisp.com = 182934
Now, they send you your invite. It’s sent to your email address: you@anexampleisp.com. In that “invitation” amidst all the words about how wonderful their service or product will be a link. It could look something like this:
http://somerandomservice.com?kwyjibo=182934
In reality, it could be completely hidden and even made to look completely misleading. For example, they might choose to encode it more like this:
http://somerandomservice.com/2CA96/optout.html
(2CA96 is that number encoded in hexadecimal and the optout.html could be completely ignored.)
There are many ways to encode the information into a clickable URL.
What information? Well, the number that was assigned to your email address, of course.
No matter how you go to that URL, the mere fact that you’ve gone to it tells them that the email address associated with 182934 got to a real live person.
In fact, they might even assume that the act of going to that URL is confirmation that you want to join their service.
All that they need to do is look up the email address associated with that number and start spamming you.
How to prevent this
Don’t click the link.
Don’t use that URL in any way.
In particular, don’t copy/paste that URL into a browser and go to it.
Your email program had nothing to do with this. The fact that the URL was accessed – even once and regardless of how – caused the problem.
What to do next
OK, so you clicked on that URL or activated it in some other way.
What now?
Well, my guess is “unsubscribing”, even if offered, isn’t going to be of any help. Any so-called service that would subscribe you on a single click in an email that you never asked for isn’t likely to be particularly well behaved when you ask to leave.
Instead, the next time that you get email from that service, do one or more of the following:
-
Mark it as spam if your email service or program supports that.
-
Block the email address if your email program or service supports that.
-
Set up a rule or filter to automatically delete the email if your email program or service supports that.
-
Delete it and get on with your life.
In other words, there’s no reliable way to get them to stop sending. All that you can do is deal with and dispose of the email as it comes in.
Thank you, Leo, for verifying something I had suspected for quite some time. We are always told not to open unidentified, suspicious or otherwise questionable links that arrive in our email. Unfortunately, the emphasis stops there. This is the first confirmation I’ve seen that extends that admonition to avoid those links any- and everywhere. Thanks again for providing some very useful advice.
Great adavise to this articicle.the main reason I use MailWasher,lets me delete,bounce from server so not to ever reach my in box. would not be without it,have used it for several years and it works great,I use the free version by the way. Thank you for all your help.
Oh, my god. This article is more helpful than any tech article I’ve read in years. I wish I’d known years ago about the above-described washing technique that spammers use. I too had hitherto thought that copying a URLs from an email and pasting it into a browser window – as per apparent conventional wisdom – protected me from being driven to a spammer’s site AND safeguarded my anonymity. Yikes.
Leo, if you have a canonical ten or twenty Ask Leo columns, I think the “How did I get subscribed to this dating service?” article should be among them. Well done and thank you!
***** / 5 [ five stars out of five ]
Good advice, Leo. But for those with insatiable curiosity, they can still investigate WITHOUT giving away their identity. If they do a Google search (or any other search engine) for just the website (somerandomservice.com), they can find out about it without exposing their e-mail address. And if they look at even the first ten to twenty results or so, they can get a feel for how many people are complaining about it before they go there from the search engine. And hopefully the search results will have been enough to cool their curiosity. Thanks for all your good advice!
My sympathies to those that receive relentless spam. I have a few email accounts. My first one, and my first time on the internet with my personal PC, has never received any spam in the 5 years I’ve used it. I account this to being quite cautious [actually, terrified] over the years. I still protect this one gem as if my life was hanging in the balance. This has to stand as a testament to a prudent and cautious use of an email account.
Of course, over the years I’ve acquired throw-away and social accounts of less concern.
Not a bad idea to read a link that Leo has provided on this page, titled “How Do I Know This Web Address Is Safe?” He explains the construction of a web address (link). Somewhere else on Ask Leo, I saw where anything after the ? (question mark) can register certain information about YOU and use that for their benefit.
If you’re unsure about the validity of a link, when you copy and paste in your browser, make sure to delete anything after the .html part, such as question marks, codes, etc. That way, you can get an idea about what the site is, without releasing specifically collected information about yourself.
If it won’t let you proceed without the extra detail (such as Permission Denied, or webpage cannot be loaded), then forget them. They’re too devious to trust.
The only reliable way I found for that is:
1. Delete the e-mail address that was spammed. Never use it again. and
2. Format your hard drive (if it were only one or two computers you were using) and reload the programs from their original media and add your data from a FULLY CLEANED (SCANNED BY SOMETHING LIKE FREE McAfee Stinger latest available version, from the Internet).
This is exactloy what I did in a similar situation. It was a simple change for example instead of First.Second@ISP.Com change to First-Second@ISP.Com Inform your contacts of this change. I also changed the password to this account using a combination of special characters if your system allows it. If the password was for example A1B7C8D6 change it to A@9c#6l1iQ notice the i, l and 1 look very close and are not likely copied rightly by spyworks. Having upper, lower case with numbers and sopecial characters makes it very difficlult to guess.
@ Notme, I see a problem with deleting – and by that, I assume you mean “relinquishing” – an email address that has been spammed. Once you relinquish an email address, anyone can assume it and then send spam (or worse) in your name. Perhaps consider keeping the account active, but don’t use it if you don’t want to …
When I receive an email that looks questionable, I don’t open it but instead I right click on it and click on “Properties” and then on “Advanced” and then on “Message Source”.
From there it shows all (most all the time) the information about that email. Would this still be like opening that message?
@Norma
The message source is a text file and viewing it should be safe as long as you don’t click on any of the links in case your message source viewer displays them as hyperlinks.