Trivial

Unintended Consequences: it’s not just a theory. It’s the law!

Free Stuff!

My email spam folder receives new entries daily and I noticed an interesting trend a few months ago. There are “companies” that really want to give me a lot of free stuff!

This all starts when you innocently provide your email address to an innocent-looking website. I’m pretty sure the culprit in my case was some restaurant where I wanted to use the free WiFi. A common request: you see the location has free wireless, so you try to join. After your mobile connects, you get directed to “sign in” to the wireless network. OK, fine, you think, here’s my email address. Next thing you know, you’re hooked up.

In more ways than one.

Think about this “sign in” process for a moment. When you log into your computer, a personal account, you phone, your bank, whatever, your identity is authenticated in some way. You may use a password, fingerprint, face scan and sometimes an additional step, such as a one-time password code SMS text or an authentication code from an app. In other words, you not only say who you are, you have to prove it.

But when you “sign in” to free WiFi at some restaurant, coffee shop, beauty salon or other location, if their system asks for an email address, ask yourself why they need it if they’re not validating your identity in some way. Ask yourself if they’re not, why do they want your email address?

The address is stashed somewhere and later given or sold to some entity that will use it to send you stuff. Such as the spam filled with “free” offers.

The easiest and cheapest way to deal with these situations is to have a fake or dummy email address. Creating an additional email address with Google’s GMail, Yahoo Mail or a number of other free services is pretty trivial and you can use the address for specious sign-ins or on site that you know will send you a load of promotions, ads, updates and, unfortunately, spam. I have an old account with an former ISP that I recently discovered is still active and available. That’s where all my likely-undesired stuff goes now.

A couple of things about these emails will give away their spam status. First, many of them include a line near the beginning of the content that reads This message was sent from a trusted sender. As though just adding that at the top of the message proves that it’s just fine. The second obvious clue is the decorations:

Note how the “trusted sender” message is included in almost every message preview on this list. More important, however, are the decorations – the little icons, symbols and fonts used to decorate the sender and the subject. These are used to attempt to get these past spam detectors and into your inbox directly (not working on me, since GMail sent all these to my spam folder). But look at all the stuff I’m getting!

The return email addresses on these are also a dead giveaway. Here are a couple of examples from some of these:

What’s happening here is what happens after your email address is sold by whatever source has collected them. The offers and links in these emails are likely not connected with the referenced companies in any way, and there is a good chance that some of those links lead to malicious sites pushing malware or some other targeted attack.

So keep pushing these to spam, don’t open them, delete them regularly, and make sure to get that “alternative” email address to use when you just don’t want to be bothered.

Unless you want to try to get all that free stuff. Good luck.