MainSleaze

MainSleaze
» Archives

Aug

Two Blogs on Fallout from Two DDoS Attacks

This week two of my favorite blogs, Mickey Chandler’s Spamtacular and Brian Krebs’ KrebsOnSecurity, have posted unusually informative and thoughtful articles about two spam-related DDoS attacks. One occured three years ago; the other within the past week.

For those who prefer to read comments and kudos AFTER reading the original articles, here are direct links:

KrebsOnSecurity (8/26/2016): Inside ‘The Attack That Almost Broke the Internet’s
Spamtacular (8/23/2016): It’s time to consider non-userss

Posted on August 27th, 2016
Posted by SpamBouncer
1 Comment »
Filed under: Email Security, Other Issues
Tags: Banks, DDoS, security breach, transactional email

Jan

Target Spams Email Appended List with Data Breach Notice

U.S.-based retailer Target, which recently suffered a massive data breach, has responded to that breach by hiring an email appender to append scraped email addresses (some of them closed for over a decade) to their customer list. Target then spammed that appended list over the past few days. The ESP is Epsilon, via its subsidiary Bigfoot Interactive.

Posted on January 18th, 2014
Posted by SpamBouncer
5 Comments »
Filed under: Spam Report
Tags: Bigfoot Interactive, email appending, Epsilon, security breach, Target

May

Chase Bank: Sending Transactional Email to a Spamtrap

Chase Bank simply doesn’t get it, or doesn’t care. Months after I reported that Chase was spamming email addresses that did not belong to live customers with marketing and transactional email messages, it is now sending transactional emails containing a customer name and information about account activity to yet another spamtrap. This email was sent directly from Chase’s own IPs.

Posted on May 17th, 2013
Posted by SpamBouncer
No Comment »
Filed under: Email Security
Tags: Chase Bank, security breach

Jul

Citibank: Sending “Thank You” Reward Emails to 8-Years-Dead Spamtrap!

U.S. banking giant Citibank yesterday sent bulk email about “thank you” rewards points to a new spamtrap that has been dead for over eight years. The email contained a name and the last four digits of a credit card number. As with previous Citibank bulk emails that I have seen and blogged about, the ESP is Epsilon Interactive via its ESP Bigfoot Interactive.

Posted on July 28th, 2012
Posted by SpamBouncer
No Comment »
Filed under: Spam Report
Tags: Bigfoot Interactive, Citibank, Epsilon, security breach

Mar

Barclays Bank: Sending Transactional Billing Notices to a Spamtrap

Today Barclaycard, the credit card division of U.K. banking firm Barclays, joined the MainSleaze Spam blog list of banking infamy. It did so when it sent a transactional billing email to an email address that has not been live for ten years, notifying the non-existent owner of this email address that he or she had a payment due, and including a name, last four digits of a credit card number, and tagged URLs that presumably gave anybody who received this email access to a customer’s banking records. The ESP is Cheetahmail, a subsidiary of Experian.

Posted on March 17th, 2012
Posted by SpamBouncer
No Comment »
Filed under: Other Issues
Tags: Barclaycard, Barclays Bank, Cheetahmail, Experian, security breach

Mar

Bank of America: Sending Customer Satisfaction Surveys to a Spamtrap

Today Bank of America sent a customer satisfaction survey reminder to the same spamtrap via ESP Real Magnet that it has been emailing or months via ESP ExactTarget.

Posted on March 4th, 2012
Posted by SpamBouncer
2 Comments »
Filed under: Other Issues, Spam Report
Tags: Bank of America, Convergys, Real Magnet, security breach

Jan

Chase Bank: Including Customer Information in Marketing Email Sent to Spamtraps

Months after I first blogged about Chase Bank sending marketing emails to an email address that had been closed for many years via Acxiom Digital, and after I added a comment to that blog indicating that Chase was sending marketing emails to a different email address via Epsilon Interactive (Bigfoot Interactive), this second email address is *still* receiving the same bulk emails. Worse, they STILL contain the customer’s name and the last four digits of the customer’s credit card number, although the customer has not owned this email address for years!

Posted on January 7th, 2012
Posted by SpamBouncer
6 Comments »
Filed under: Other Issues, Spam Report
Tags: Bigfoot Interactive, Chase Bank, Epsilon, security breach

Dec

Bank of America: Transactional Email to a Spamtrap :(

Bank of America is sending non-bulk transactional emails to an email address that was closed in 2008, and that subsequently rejected all email for a period of over a year before being re-enabled as a spamtrap. The email contains a customer name and the last four digits of a credit card number. :/ This is not spam; the email was not bulk. However, if Bank of America were paying attention to bounces, it should long since have realized that this email address was not receiving its notifications. Bank of America needs to verify its customer list NOW to fix this security breach. The ESP is ExactTarget.

Posted on December 7th, 2011
Posted by SpamBouncer
1 Comment »
Filed under: Other Issues
Tags: Bank of America, ExactTarget, security breach

Nov

Citibank: Emailing Sensitive Private Credit Card Information to a Spamtrap

First Chase Bank sent marketing emails that contained personal names and credit card information to spamtraps. Now Citibank is doing the same thing. Today Citibank sent a bulk marketing email to an email address that, if it ever existed at all, has been closed since 2007. The email contained a name and the last four digits of a credit card number. Either Citibank is deliberately including made-up “customer” information to make bulk marketing email look more legitimate (which I doubt), or Citibank has badly mismanaged its customer list *AND* (worse) is including sensitive personal information in marketing emails that are going to unconfirmed and incorrect email addresses. The ESP is Epsilon Interactive via its ESP Bigfoot Interactive.

Posted on November 22nd, 2011
Posted by SpamBouncer
2 Comments »
Filed under: Other Issues, Spam Report
Tags: Citibank, Epsilon, security breach

Nov

Chase Bank: A Spamtrap is “an Amazon.com Business Rewards Visa cardmember”?

Chase Bank is sending advertising emails to an email address that has been closed for many years, claiming that the owner is “an Amazon.com Business Rewards Visa cardmember”. The ESP is Acxiom Digital.

Posted on November 15th, 2011
Posted by SpamBouncer
3 Comments »
Filed under: Other Issues, Spam Report
Tags: Acxiom Digital, Bigfoot Interactive, Chase Bank, Epsilon, security breach

Page 1 of 212

Companies that spam, and ESPs that help them.

Two Blogs on Fallout from Two DDoS Attacks

Target Spams Email Appended List with Data Breach Notice

Chase Bank: Sending Transactional Email to a Spamtrap

Citibank: Sending “Thank You” Reward Emails to 8-Years-Dead Spamtrap!

Barclays Bank: Sending Transactional Billing Notices to a Spamtrap

Bank of America: Sending Customer Satisfaction Surveys to a Spamtrap

Chase Bank: Including Customer Information in Marketing Email Sent to Spamtraps

Bank of America: Transactional Email to a Spamtrap :(

Citibank: Emailing Sensitive Private Credit Card Information to a Spamtrap

Chase Bank: A Spamtrap is “an Amazon.com Business Rewards Visa cardmember”?

Categories

Recent Posts

Recent Comments

Anti-Spam Organizations

Blacklists & Whitelists

Email Blogs

Security Blogs

Spam Filters

Spam Research

Meta