I should start out by saying that I don’t approve of spamming and have spent a good deal of time helping to reduce the impact of spam email in both my career and the occasional hunting of spammers on the net in my spare time (Good old Bent-Over-In-Fed-Jail Bobby Soloway really annoyed me back in the day so I joined those reciprocating). Also, as I am ever keen to remind people, 75% of global spam before 2008 was generated and sent by a single ISP located in California’s ‘Silicon Valley’ rather than often advertised by anti-spam vendors, rogue states. So the validity of spam as a problem compared to virus or phishing attacks still remains questionable.
That said, in the same way as no government will accept liability for allowing pay-as-you-go mobile phones to ease criminal activities and destroy many lives, intrusion hungry organisations are now allowing a new form of spamming to become a viable option.
So, do you want to blazon your name, cause or organisation across the screens of people globally? Well here’s how..
- Grab your good old spammers email database and load 30,000* addresses into the contacts of your preferred email system.
- Open a Linkedin account with your name, cause or organisation and allow the import of your contact list.
- Sit back and watch the hits on your account…
The key to this is the greed of social networking sites in creating links between differing people and now sharing of that information between other social networking sites.
In IT the term ‘Reverse Lookup’ is a networking term that provides a means to trace a source of information and validate where it came from. A similar process is now being used by social networking sites to suggest potential connections based on a one way connection and will allow the intrusion of ‘Contact Spammers’ based on these simple premises.
- You, the spammer, possibly have the email address of a member of the social networking site in your contact list. Therefore you are highlighted on the Linkedin database as a potential connection to that person, if only one way
- As Linkedin now publishes potential contacts on your personalised pages, you will very likely be prompted to confirm if you have a connection with the account that loaded your email address as a contact. The contact need not be in the spammer’s network nor do they have to send a connection request.
Now most people would perhaps ignore many of these suggestions but a proportion (and remember that is the point of spamming – throw enough … and some will stick) will perhaps click on that suggestion and go to their page. Instantly, as the spammer, not only do you have a validation that the email address is live and on Linkedin but you will possibly be able to see who has looked at your page. So your advert or whatever you have located on your page will be seen by many people who would otherwise have had no connection to you.
Free advertising effectively.
* A final note that in some ways explains why this is not as great a worry as it could be. Currently Linkedin has a contact limit of 30,000. The average spammer wants to be hitting hundreds of thousands of email addresses and so may not create dozens of Linkedin accounts with the same advert or name. The concern is that Linkedin offering potential contacts to you may not be governed by the same monitoring that sending of connection requests are.
I’ll check with them in case this is not monitored for such abuse and update with my findings..