On Sunday I noted that my blog was under attack from determined, but clueless, blogspam scriptkiddies. But that isn’t the only attack I’m seeing, and the second version is rather more disturbing – and puzzling.
What seems to have happened (or be happening) is that someone (or more likely a script) has looked up my name and phone number in several on-line directories, generated a plausible but invalid email address from my name (something like geoff53246@yahoo.com – not clear how variable this is), and then fired off email messages to various companies, apparently from this address, expressing interest in their products or services and asking the recipient to call my phone number. So far we’ve received 30 or 40 phone calls from various companies “responding to your inquiry”. The companies include the usual spam suspects – mortgage brokers, part-time MBA schools, etc. Most of these messages wind up on our answering machine, but from the few that we’ve picked up we’ve been able to piece together the above pattern. In some cases the name is correct; in others, it’s reversed. This is consistent with the entries for my phone number in various directories.
So what’s going on? It’s hard to know what to make of it.
I haven’t read about this elsewhere, so perhaps it’s directed against me personally, or against some group of which I’m a member. (Atheist bloggers? Subaru drivers? Mac users? Model airliner collectors?) On the other hand, the variations in my name suggest a dumb directory look-up. Is there some [twisted] rational purpose, or is this simply a random act of antisocial behaviour?
Like millions of others, we signed up for the national Do Not Call registry. This legislation was bitterly opposed by many telemarketers. Obviously those companies that are calling us interpret the forged emails as establishing “an existing business relationship”, so the “Do Not Call” rule no longer applies. This could be an attempt by someone to discredit the registry by flooding the world with “existing business relationships”. Or it could be driven by a single telemarketer who wants to subvert the rules so that they can make cold calls, but is disguising what they’re doing by ensuring that other companies also receive messages.
For a company that relies upon email referrals, this could be a devastating diversion of resources, a kind of DDOS. Perhaps this is an attack on one company (disguised among the crowd), for malicious or blackmail purposes.
This could also be an attack on Yahoo. By generating a huge volume of annoying, expensive messages apparently from Yahoo addresses, the perpetrators might expect that spam filters would be trained to reject all messages from Yahoo.
If you’ve experienced anything like this, or have another explanation, I’d love to hear from you. Normally I’d ask you to add a comment to this blog piece, but due to the other spam problem, comments are presently disabled. Perhaps you could send email to my Gmail account – firstname.lastname@gmail.com. (You can work it out.) Since this kind of attack is almost certainly illegal, I shall also be contacting the appropriate authorities – probably the Massachusetts Attorney General. Thanks.