One of the things I do (inconsistently) when signing up for things online is to use an email alias specific to the customer I’m signing up to. The theory is that if that email address ever got leaked to spammers, I’d know who leaked it. If you own a domain name, it’s easy to do, assuming that the default is for all addresses @example.com go to you.
The down side of this is all the spammers who make up From addresses to send out their junk from, leaving you with the bounces.
Anyway, in the years I’ve been doing this, verifiable leaks to actual spammers and scammers have been pretty rare. In fact I can’t remember any. I can recall some who have handed the email address over to other, known, companies. Not what you want, but at least they hadn’t gone to someone who ended up bombarding me with emails for Viagra and scams for competitions.
In June I signed up for a Big W photos account. The plan was to upload photos into it, then order prints and go collect them from my favourite Big W. Ideally you could do it through Flickr or Google Picasaweb or one of those, but their printing is limited to North America. So I thought I’d try the local guys.
The catch was when I eventually got around to trying to upload pictures to it, it didn’t work. Maybe I’ll try it again soon. Maybe.
The email alias used? bigw.
In the last couple of days I’ve received two scam emails delivered to that address, one reckoning I might win a Sony Wega TV, the other a MacBook air, and asking me to click onto a web site to enter their competition.
I’ve got no intention of clicking through, of course. I’m sure all they want to do is verify the email address exists, and that there are no magical prizes waiting for me at the end of the rainbow. Just more spam.
I obviously haven’t used my bigw email alias for anything else — that would defeat the purpose of doing it. And I’m pretty sure I haven’t signed up for any other Big W online services.
Without jumping to too many conclusions, there are few possibilities that spring to mind.
- Big W (or their supplier, FujiColour) may have sold on the address to a dodgy operator — unlikely I reckon, given these are major corporations we’re talking about; why would they bother sullying their reputation like that?;
- or it was leaked by someone there;
- or their system is so insecure that someone hacked in and grabbed it.
It makes me glad my photo uploads didn’t work and that I never fed my credit card number into it.