Capital One, a large US-based bank and credit card issuer, stands out for sending by far the largest number of transactional emails containing personally identifying information (PII) to my spamtrap collection. :/ Capital One uses a number of ESPs, but its transactional emails are usually sent from Bigfoot Interactive, owned by Epsilon Interactive.
U.S.-based retailer Target, which recently suffered a massive data breach, has responded to that breach by hiring an email appender to append scraped email addresses (some of them closed for over a decade) to their customer list. Target then spammed that appended list over the past few days. The ESP is Epsilon, via its subsidiary Bigfoot Interactive.
Earlier this summer I noted a growing number of spamtrap hits from U.S. department store Macy’s. I was about to blog about it when Spamhaus beat me to the pitch and listed them in the SBL. As I recall, they were in and out of the SBL two or three times before the spam from them died down. Unfortunately that did not last; they are once again hitting my spamtraps. It’s just a couple now, but if the previous pattern is repeated, they are headed for more trouble with Spamhaus, Returnpath, and private blocks as well. The ESP is Epsilon, via its subsidiary Bigfoot Interactive.
Country Inns & Suites, part of the Carson Hotels chain, recently started sending bulk email to a spamtrap email address that has never received email before. As with yesterday’s spam report, I saw delivery attempts in my mail log and enabled the email address a few weeks ago. The ESP is Epsilon, via its subsidiary Bigfoot Interactive.
U.S. banking giant Citibank yesterday sent bulk email about “thank you” rewards points to a new spamtrap that has been dead for over eight years. The email contained a name and the last four digits of a credit card number. As with previous Citibank bulk emails that I have seen and blogged about, the ESP is Epsilon Interactive via its ESP Bigfoot Interactive.
Capital One, a bank with an aggressively-advertised credit card program, just sent a bulk email advertisement to a spamtrap that has never heard from Capital One before. Worse, the email uses a name that was never associated with that email address when it was live. So how did Capital One acquire that name and email address combination? One spamtrap hit isn’t conclusive, but this smells very much like a bad e-pend to me. The ESP is Epsilon Interactive, via its subsidiary Bigfoot Interactive.
Weight Watchers, a decades-old U.S.-based organization that helps those who want to loose weight, just started sending bulk email newsletters to a spamtrap email address that has never heard from the organization before. The email address in question, when live, was a role address for a small company, not a personal address. The email address does not appear likely to be the result of a typo. So I am wondering how it came to be on Weight Watchers’ list? The ESP is Epsilon Interactive, via its subsidiary Bigfoot Interactive.
Months after I first blogged about Chase Bank sending marketing emails to an email address that had been closed for many years via Acxiom Digital, and after I added a comment to that blog indicating that Chase was sending marketing emails to a different email address via Epsilon Interactive (Bigfoot Interactive), this second email address is *still* receiving the same bulk emails. Worse, they STILL contain the customer’s name and the last four digits of the customer’s credit card number, although the customer has not owned this email address for years!