Companies that spam or sell your address!

General discussion re sg.

Postby dl97 » Mon Jan 16, 2006 8:02 pm

Ameritrade sold my address to a spammer who sent 4 investment-related spams so far - "buy this stock now, exciting new developments driving up the price..."
dl97
 
Posts: 9
Joined: Mon Sep 12, 2005 10:40 pm

Postby jgombos » Tue Jan 17, 2006 1:46 am

dl97 wrote:Ameritrade sold my address to a spammer who sent 4 investment-related spams so far - "buy this stock now, exciting new developments driving up the price..."

Please post a couple, or send them to me privately. I would like to compare them to what I received. I don't need the headers - just the body.

Thanks!

UPDATE:dl97 sent me the bodies of a couple spams sent to his ameritrade address, and they matched what I recieved. So this validates my suspicion that someone internal to Ameritrade leaked our addresses. Ameritrade guarantees customers that they do not share or sell email addresses, so it seems this is legally actionable. Did anyone else get spam at an ameritrade unique spamgourmet address?

I'm not sure how we would prove to a court that spamgourmet's servers weren't harvested.
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

Postby jgombos » Sat Feb 18, 2006 4:00 am

Ameritrade never followed up. So I've filed a complaint with the BBB.
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

Postby SysKoll » Sat Feb 18, 2006 4:22 pm

jgombos,

Could you please post here (or send me in a PM) the headers of spams you and dl97 got?

Thnak you.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby SysKoll » Sat Feb 18, 2006 4:27 pm

jgombos wrote:I'm not sure how we would prove to a court that spamgourmet's servers weren't harvested.


First, you cannot prove a negative, so any lawyer who would even suggest this would be slapped down by his colleagues.

Second if it was the case, a lot more spammers would have been exploiting this by now. And if they had broken into our servers, they'd not bother sending email to easily refutable addresses, they'd go for the protected addresses.
Neither of these has been observed.

So application of Occam's razor suggest we go with the obvious first, that is, Ameritrade.
Last edited by SysKoll on Wed Mar 15, 2006 6:30 am, edited 2 times in total.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Applebee's restaurant

Postby tcgraham » Tue Mar 14, 2006 9:33 pm

I used a targeted email address to Applebee's restaurant . They have set the record for spam emails sent to me (probably a source other than Applebees)using the email address I sent to them.

Get this...........5600 emails in 24 months!

They either sold the address or let it out to a third parter mailer. Needless to say, I would never patronize their restaurants in the future.

Can anyone beat that one?
tcgraham
 
Posts: 16
Joined: Mon Oct 27, 2003 7:51 pm
Location: Florida

Another Spam company - Ticketmaster

Postby mysticturner » Fri Mar 24, 2006 8:36 pm

A newsletter/forum that I am on (called Ed Foster's Gripe Log) currently has a gripe going on about how Ticketmaster spams it's customers. The article is at http://www.gripe2ed.com/scoop/story/200 ... 1718/07851 and talks about the policy that Ticketmaster has. Basically, if you look at a ticketmaster site, you've given them the right to spam you. My experience confirms this. My SG account with TM has gotten 11 unwanted emails in the last three months, about 1 a week. Thanks to SG, they all got deleted. When I next buy tickets, I'll open the account back up for the confirmation emails and close it back down.
mysticturner
 
Posts: 57
Joined: Sun Jun 12, 2005 6:38 am
Location: Dallas, TX

Postby SysKoll » Sat Mar 25, 2006 4:25 am

Well, a lot of people out there call them Ticketbastards. They have several reasons, and spam is probably the least of them!
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Ameritrade response

Postby jgombos » Fri Apr 21, 2006 8:30 pm

Ameritrade responded to my complaint to the BBB. Here's the body of that letter:
Code: Select all
We received correspondence from the Better Business Bureau about your Ameritrade account.

I wanted to follow up with you about the Spam e-mails you received.  I apologize for the delayed response and understand any frustration you may have experienced in this matter.  Although we have been unable to determine the exact cause of the Spam, I wanted to inform you of what we do know.

We thoroughly reviewed our systems and data sent to third parties with access to e-mail addresses and found no misuse or compromises of any of our systems or storage mediums for e-mail addresses.  Additionally, after further review of our systems, there is no indication that your account information held with Ameritrade has been compromised.  Please be assured that we regularly contract leading edge security firms to conduct network and application penetration tests to test the security of our network and web presence.  We also employ a staff of full time employees solely dedicated to Information Security.

At this time, we continue to work with the U.S. Securities and Exchange Commission to investigate this matter and the source of the Spam e-mails.  Should further information become available, we will notify you of our findings.  You may review our Privacy Statement at http://www.ameritrade.com/privacy.html and our Security Statement at http://www.ameritrade.com/tell_me_more/index.html?startpage=internet_security.fhtml.

We would appreciate your continued support in this matter.  Should you receive further Spam to the above referenced e-mail address we ask that you please print and forward the information as soon as possible to:

Ameritrade Compliance
Attn: Jeffrey Plummer
P.O. Box 2148
Omaha, NE 68103-2148

I personally thank you for the opportunity to be of service in this matter.

Sincerely,
 

Jeffrey K. Plummer
Client and Regulatory Relations Analyst
Corporate Compliance
Ameritrade, Division of Ameritrade, Inc. Member NASD/ SIPC
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

Re: Ameritrade response

Postby SysKoll » Sat Apr 22, 2006 3:46 pm

jgombos wrote:Ameritrade responded to my complaint to the BBB. Here's the body of that letter:
Code: Select all
We thoroughly reviewed our systems and data sent to third parties with access to e-mail addresses and found no misuse or compromises of any of our systems or storage mediums for e-mail addresses.  Additionally, after further review of our systems, there is no indication that your account information held with Ameritrade has been compromised.



Translation: it's an insider job, as very often in this case. There have been several instances of dishonest employees who copied customers' contact info and sold it to a third party.

Considering that small-cap stock pump-and-dump scams can easily generate hundreds of thousands of dollars, I would not be surprised if a scam artist had bribed an Ameritrade employee.

Please make sure that you forward further stock spam to Mr. Plummer. It is worth investigating.

Plus, think of it. You might have just started an investigation that will either lead to the arrest of a scammer's accomplice at Ameritrade, or at least scare him enough that he will balk, refuse to continue leaking info, and, with a bit of luck, get shot by his former associaltes. :-) Man, you are a hero in the making!
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Re: Ameritrade response

Postby mika84 » Sun Apr 23, 2006 10:26 am

It's very easy to collect addresses, credit card information or so on. It's just about who's willing to give that information to "wrong hands".

It's all simply about morale. Some companies doesn't understand that unhappy employees are huge risk to company and it's customers.

I have in my hands over 200 000 credit card numbers (from last month), millions of active email addresses (last month) and so on. I can simply extract all that information from transaction logs. We offer ASP services to compoanies that sell their services to other companies and I have direct access to all that information.

Anyway most of people are honest enough not to missuse this kind of possiblity. There are a lot of services that you trust and they might still missuse your information. Most normal people doesn't think that when ever they use their credit card, they'll give away all information required to miss use that card.

So if you are summer employee in local supermarket you can copy all customer credit card information from server at that site. Possibly also have access to their bonus card information if it's used with credit card you'll have address information and so.

It would be interesting experience see how long I could steal and misuse information from systems before nobody can pinpoint leak to me. Maybe I won't directly steal information from systems. Because that would show up in access logs. Maybe I'll take my copies from backup copies. Because access to backups isn't logged in anyway. But there aren't too many persons allowed to do that.

If I steal information from only one of our customers systems, they might not shortly know that it's their ASP that steals information from their system. Because naturally they trust us. They might think it's their internal leak.

Miss using credit cards might lead to large scale investigation. But leaking email addresses? Hmm, maybe not. So I guess I might do that at least once and be damn sure that they couldn't pinpoint source of the leak.
mika84
 
Posts: 36
Joined: Thu Jul 29, 2004 7:23 pm

Ameritrade settlement

Postby jgombos » Wed May 10, 2006 2:22 pm

I responded to Ameritrade essentially stating that investigating the attacker is inadequite, and that they need to take steps to ensure email addresses are protected from insiders. I also asked for compensation for the disclosure. Here is the body of their response:
Ameritrade wrote:We appreciate your comments and suggestions regarding the Spam e-mails you have received. We will definitely keep you posted on any information that becomes available in this matter and of any future actions we take to mitigate the improper disclosure of your e-mail address. In the meantime, I have provided a copy of your letter to our Information Security department for their review. In an effort to help make up for your frustration, I?ve credited your account with 10 commission-free Internet equity trades good until November 1, 2006. This is everything I can do in this matter.

I personally thank you for the opportunity to be of service in this matter. On behalf of TD AMERITRADE, we look forward to serving your investment needs in the future.

It's a great response. That's the response I was looking for.
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

Postby SysKoll » Wed May 10, 2006 6:13 pm

Not bad. I am really impressed with their Customer Relationship. They not only admitted that their was a screwup on their part, they actually compensated you for the breach of confidentiality. Most companies out there don't even recognize their might be a problem.

Please keep us posted if you hear anything from them again, jgombos.

Also, you might want to call an editor at Forbes or Money magazine to see if the story would interest them.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Re: Ameritrade settlement

Postby SysKoll » Mon Jul 24, 2006 4:29 am

jgombos wrote:I responded to Ameritrade essentially stating that investigating the attacker is inadequite, and that they need to take steps to ensure email addresses are protected from insiders. I also asked for compensation for the disclosure. Here is the body of their response:
Ameritrade wrote:We appreciate your comments and suggestions regarding the Spam e-mails you have received. We will definitely keep you posted on any information that becomes available in this matter and of any future actions we take to mitigate the improper disclosure of your e-mail address. In the meantime, I have provided a copy of your letter to our Information Security department for their review. In an effort to help make up for your frustration, I?ve credited your account with 10 commission-free Internet equity trades good until November 1, 2006. This is everything I can do in this matter.

I personally thank you for the opportunity to be of service in this matter. On behalf of TD AMERITRADE, we look forward to serving your investment needs in the future.

It's a great response. That's the response I was looking for.


Any news on their "investigation"?
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby Paranoid2000 » Wed Jul 26, 2006 10:52 pm

Ameritrade don't appear to be the only online stockbroker "leaking" emails either - see the REAL Investor DBases W/ Full Info Specialham thread...
Paranoid2000
 
Posts: 71
Joined: Wed Dec 15, 2004 10:48 am

PreviousNext

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 16 guests