spam to my login email account (in Off-topic)

Well, it finally happened. Some spammer discovered the email address I use when logging into CB. The interesting part being that I only use that email account for CB. Nowhere else.

Email addresses (visible in the user info pages) are hidden unless you login. So. That means

1. Jon sold my email address. Don't believe it for a second
2. Another user logged in then harvested my email. Possible if it was a real sleazebag and/or a banned person... those two overlap
3. Some mail server is quietly harvesting addresses as it fowards messages and it got one of my "Notify me" threads. Possible though I haven't heard that particular nastyness before
4. The spammers guessed my email address. Seems pretty unlikely
5. I foolishly pasted my email address in this, or some other forum. Nope
6. Have I missed any other possibilities?

   Has anyone else had this happen? Received spam to an address that's effectively impossible to guess (even with a dictionary attack) and "unlisted"? Anyone care to guess how BadGuys Inc.® found me?

When the impossible is removed, whatever remains, no matter how improbable, must be the truth. Thus #2 :)

Do you mean the email address that is included on your user profile? That would be quite easy for a person to copy. I believe spammers have software to scan websites for all email addresses - just find anything with an "@" symbol. I wouldn't be too surprised if I were you.

You cannot find email addresses on this site unless you first login. I like to think that I'd find the way if it was possible.

Sefton, why do you consider #3 impossible?

true, not really impossible, but I combine Sherlock Holmes with the path of least resistance. It's easy for a sleezebag to log on to CB, it's difficult to have an email server that harvests address for very long.

did you maybe log-in at a school or public computer?

I know at my school, they have auto-fill in blanks for log-ins, (obviously not remembering passwords), when i bring up CB at school, i click the email log-in box, and like 20 email adresses pop up.

I'm assuming that you run proper protection, so I doubt that this is the case. However, it is a possibility to include in your list.

6. A virus or spy-app is on your computer and quietly forwarding information (including any typed email addresses) to a scammer.

smallpaul: I login from a personal machine. Good thought though.

Bubo: Good one. Yes, I run with several layers of protection including a firewall and multiple spyware/trojan hunt-kill programs.

7. You subscribed yourself up for spam. Hey it could happen.

i agree with bubo as well. but #3 is possible as well, i have not herd about that.

but as he said #7 is very possible

It could be anything, sometimes spammers have a list of usernames, say that they had sukotto@hotmail.com.. they harvest the user name sukotto into a list A. And they have a bunch of domain names B, they put hotmail.com into list B. Later when they discover gmail.com, they will automatically have sukotto@gmail.com, it might be bogus, but worth a try... use your imagination :)

Since your email address is stored in a cookie then I think what happened is that you used another email account or maybe went on a site and your system was scanned and harvested for email addresses. This happens all the time and is more common than you know. Look at Yahoo! privacy policy :) That's just Yahoo!, BTW.

1. I don't believe it too.
2. Maybe, and any user can do it.
3. Quite possible, I don't know what you mean with "notify me"
4. Maybe, if your address is easily guessed, but smaller chance applied here.
5. Who knows? Could you remember all what you type at all forums/boards.
6. Yes, and here is my view:


a. Possible spyware/adware. This kind of bad software can gather any email addresses stored in any computer, they can also gather email addresses displayed in any browser. This mean if my computer was infected and I login to cb2, then I view your profile, those softwares will scan what I'm reading at your profile searching for email addresses. Some people call it data miner. Or, if your computer was infected with this kind of spyware, your email address scanned when you enter it for logging in.

b. NO WAY. You think you never installed such program in your computer, They install it silently when you browse to some sites, usually with advertisement. Remember that those spams usually meant for advertising (I have more email addresses than most of you, and I still get thousands of spams a day from just one account, and now I had abandoned more than 10 free email account because I kept getting spams).

c. Possible keylogger inside your computer. keylogger records what you enter in any form, the purpose of this keylogger is for stealing usernames and passwords. Yes passwords, if you see ***** in password form, the keylogger record what you type, not what you read/view in browser. If keylogger catch a @ symbol, it can record it as email address.

And how come those spammers got that data from your computer? They silently contact certain server and send the data they have from your computer to their database.

d. Have you ever join mailing lists? or subscribe to any service using your email address? (is your email carnageblender - at - cale *dot* cc?). Believe me many spammers use it as a good spamming resource.

#2 is so easy to do, and the most plausible IMHO. Thats why mine is kept hidden...remember...."Trust No One"...except Jon of course :)

That's true Max, however, my browser is set to throw away cookies every time I close it. I know FireFox has a couple of current vulnerabilities (like multi-domain frames and some javascript issues) so I suppose it could have happened.