[HN Gopher] Ask HN: Someone's using my email to sign up to newsl...
___________________________________________________________________
Ask HN: Someone's using my email to sign up to newsletters. What
should I do?
I woke up this morning to a mountain of newsletters in my primary
inbox that I did not sign up for. A lot of them were for "earn
money by surveys"-websites, but some were job listing pages and I
even got some from regular, reputable, companies like Huggies (an
american diaper company). The only common denominator I've found
between all these companies is that they're US based, or the US
version of the brand. I'm not quite sure what's going on and why
someone would do this, but it's not a good feeling. I started
contacting companies about removing my account and associated data
as per GDPR law, but truth be told I'm not quite sure if that
applies. It's also way too time consuming. This is my personal
main email with gmail. I'd rather not swap, but it's hard to wade
through all the unrelated crap. Has anyone been through this
before? How did you solve it? What steps should I take to protect
myself?
Author : cupofjoakim
Score : 6 points
Date : 2022-03-24 21:56 UTC (1 hours ago)
| fhrow4484 wrote:
| > I'm not quite sure what's going on and why someone would do
| this
|
| I read somewhere (here on HN?) that hackers would do this when
| stealing your credit card info and using it to make a purchase.
|
| Like, they didn't break into your email account, so their best
| bet for making the purchase is you not seeing the order
| confirmation email. So they flood you with a ton of crap
| newsletters. (Otherwise if they had access to your account,
| they'd just delete that order confirmation email)
|
| It's not quite clear why they would need to associate the
| purchase with your real account - maybe they took control of one
| of your accounts where your payment method is saved. But be on
| lookout for weird charges
| __d wrote:
| As an aside, this is why mailing list signups should always have
| a confirmation step.
|
| I've had the same public email address since 1995. I get a ton of
| spam in my raw emails.
|
| The only approach I've found helpful is to use a
| white/grey/blacklist system: known good are whitelisted, known
| bad are blacklisted, and you have to manually review the greylist
| emails. With the usual "this looks like spam" filter, I found I
| was missing a lot of real mail in the mountains of junk: the
| ML/algorithmic spam detection just got overwhelmed by the
| diversity of what I receive to the point it was much less useful.
| SLSMan wrote:
| I had this happen to me a few years ago. The point of the
| newsletter spam was to try to hide a confirmation e-mail from
| online order using my account on an online store. The attacker
| gained access to the my account at the store using a password
| from an old data breach. They signed up for hundreds of
| newsletters in the span of a few minutes, then placed an order
| using the stolen credentials. The confirmation e-mail was buried
| in a mountain of spam, making it almost impossible to discover
| that the attacker had placed an order using my account.
| Fortunately, I hadn't used that store in ages, so all of the
| billing info they had on file was out of date and the order was
| cancelled automatically. Try searching your email for "order" or
| something similar and see if anything came in during the
| newsletter bomb.
___________________________________________________________________
(page generated 2022-03-24 23:02 UTC)