Fake Anti-Spam Site Fishes for Addresses

By ABC News
February 11, 2004, 11:54 AM

Feb. 12 -- We all hate unsolicited e-mail, or spam. It's time-consuming, offensive, and at times dangerous.

The U.S. government has passed the CAN-SPAM bill, but whether it really addresses the problem is still being debated. So an opportunity to sign up for a national "don't spam me" list sounds pretty good, right? Wrong.

One of our readers reported finding a link to the "National Do Not Email Registry" at the bottom of an e-mail, in the "opt-out" section. If you click on the link, you are taken to an official-looking site (http://unsub.us) where you can (supposedly) sign up for the list. The site is a look-alike of the real "National Do Not Call Registry" (https://www.donotcall.gov/default.aspx), which is maintained by the government, but it is not a government site.

The site appears to be the answer to the CAN-SPAM Act that became law in January, but unlike the Do Not Call site, it only refers back to itself. There is no contact information to check its validity, and the domain record at Network Solutions is private, so the owner can be contacted only by snail mail relayed through Network Solutions. If you click on the Privacy Policy link, it gives you a "Forbidden" error.

As a good example of social engineering, the site appeals to everyone's frustration with spam. It plays both on a user's naiveté and increased spam awareness.

Many users are finally getting the message NOT to click on the "Please remove me" link on many pieces of spam, because clicking it is a flag to spammers that they have a "live one." So by replacing the suspicious "remove me" link with something that looks like an official government site, the spammer still finds live ones.

Without a privacy policy or contact information, it is best to leave this site alone. Also, as with any unsolicited e-mail, don't click on any links within the e-mail.

No Free Lunches With Online Freebies

We recently heard from a reader who had sent an e-card to their boss on the birth of her baby, and ended up getting swamped with spam. While we don't know for sure, we're assuming that she probably gave her boss a mailbox full of spam as well.