Thursday, July 6, 2017

Hacked or Hocked Email Database

In general, I prefer when I can call out a business for something good.  Unfortunately, sometimes the opposite is true.   I prefer to give the criticism directly, and not "in public"; but sometimes there's a level of apathy or incompetence that trumps keeping quiet.

Enter company Instant Checkmate.   This outfit claims to be a reputable public records database, and background search company.   Under normal circumstances, I would have linked to their company; but here I do not believe that I want to drive any business their direction.

My interaction with this company began a couple of years ago.   I was working with a client, who was considering making use of their services (through my company), but changed his mind near before any financial transactions had taken place.   For the purpose of this interaction, I had created a unique email address, provided only to this company.   For a couple of days, that email address did receive a couple of "Are you still interested?" emails, which were ignored, and they eventually faded from memory.

in recent weeks, however, that email address has begun receiving mail again. Though none of it is for the company.  Now it's for fake viagra (I'm not capitalizing the scam product), assorted diet pill scams, counterfeit goods, and an assortment of other spammy things designed to make some scumbag money - from your pocket.

Now for the fun part of this:
Had this been just a generic email address, it could be chalked up to "general spam of unknown origin".   At some point a lot of addresses end up on some kind of spam list, and get sold and resold, and you get the garbage that fills spam filters. 

The fun thing about running a domain, though, is the ability to assign unique addresses.   I have done that.   To a degree the intention is for organizational purposes.   However, it has another benefit of identifying which companies are selling addresses - or have been hacked.  In fact, because of this, I was in touch with a couple of prominent companies which made headlines for their database hacks a few years back, prior to making the headlines.

Back to Instant Checkmate:
Rarely have I encountered the level of apathy and incompetence that I have met with this company's staff.   To be fair, I understand that your basic call center representative is hired with a particular script from which to read.   Deviations from this, especially complicated ones, can short-circuit them.  Some things should trigger escalation, though. 

When trying to address this issue, the call center reps - and even the "supervisor" I spoke with seemed clueless.   It was very clear that this was something off the script, and that none of them had the slightest clue about.   It also seemed that either they didn't care - or that this company does not have any provision for this contingency.    All attempts at contact get routed to the same unhelpful call center staff.

Further, this company has fallen to "you must have given the email address out to someone else."  No, it was uniquely created for their company.  They've also tried "Maybe I used it to sign in from a compromised machine".  No, It was on a secure machine, and only generated on their site.   The two remaining options are - They sold the email list (they claim they don't), and their database was compromised.  

I did have one "supervisor" claim that it may be their "marketing partners".   If this is true, then I have complete and utter contempt for a company that uses "marketing partners" that use a series of short-term domains registered with false contact information, , and spam-"advertise" through fake email addresses.  Frankly, if your "marketing partner" is using a fake Fed Ex email message to send you to a fake pharmacy that promises "Free v****a with every order" and "No prescription needed"; then you deserve to be called out and go out of business.

Fortunately, for me, I've killed the email address they had.   All they had was an email address, which they sold or had compromised.  However, others may have had financial information compromised. 

Professionally, I would advise against any dealings with this outfit.   They seem to have no capacity to deal with anything beyond basic call center script.   They also refuse to take ownership where there is a fault and resolve the issue.   There are better, more reputable and more competent choices out there.


No comments:

Post a Comment