You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Every day I get dozens of cold calling emails from UK companies offering help with SEO and Google Ad-words. Some offer other kinds of marketing and video help.
They're normally conversational in tone, as if I've met the salesperson:
"Hi again Joe,
Just following up on my last email in this thread.
Did you want to take me up on my offer to review your Google AdWords?"
The odd thing is that they all are addressed to the same email address that doesn't really exist. We have a catch all on our domain which ends up in my inbox. What I can't work out is where they are getting this address... these companies must have bought it from somewhere?
Every single one of them offers the chance to "unsubscribe" from the mailing list... although it makes no difference clicking through it. As another dozen will arrive over the next day or so from other companies.
Do any of you IT boffins know what is going on?
Every single one of them offers the chance to “unsubscribe” from the mailing list… although it makes no difference clicking through it. As another dozen will arrive over the next day or so from other companies.
I'm afraid in the case of proper spam by clicking the unsubscribe you've just legitimised the email address as a 'live' recipient.
There will be all sorts of random email address generation going on. Assuming your company has a website with the same domain name as the email addresses then it's not beyond the realm of bots to find web addresses and spam generated email addresses. sales@yourcompany.com, contact@yourcompany.com etc...
Reasonable chance its just a guess. Is it one likely to be used by other companies (the nondomain bit that is)?
Always be careful clicking on unsubscribe links. Thats telling them you are reading it and hence a target for more!
Exception would be companies where you did sign up to the mailing list and now are bored.
Oh well... I will just pick 2 or 3 repeat offenders a day to diligently report to the ICO then.
If it's an address that 'doesn't really exist' then redirect it to the bit bucket.
We have a catch all on our domain which ends up in my inbox.
Why? Apart from the spam do you get any legit emails via this catch-all set up?
Given the e-mail address being spammed isn't anyone in the business's actual address it seems like you have a fairly easy solution
Where do spammers get my business email address?
I assume most came from LinkedIn...
I will just pick 2 or 3 repeat offenders a day to diligently report to the ICO then.
I though that only applied to personal data, which a business email wouldn't be classed as?
We as a small charity have been on the receiving end of two very well designed scams via email. It involved the scammers initially 'verifying' an email address or two by sending spam and getting someone to 'unsubscribe'. They then used our website and we think Linkedin to work out other people in the organisation, guessed their email address (Easy done) and then make a move.
They purported to be our CEO, right down to a copied footer from one of our proper emails, and asked for all sorts of gifts to be sent to staff.
In addition over the last year the number of spammy 'talk to me about SEO or training' emails has rocketed.
We now:
- train staff every six months for a quick 10min refresher of spotting spam/scam.
- pay for an extra spam filter / warning on all our inboxes.
- right click and mark as spam ANY unsolicited email without responding in anyway. If I didn't ask for it, it is spam.
Have a look at https://haveibeenpwned.com/
Stick you're email (or password) in there and it will tell you if the address has been in a data leak and if so where from.
The other option is that someone knows your company and knows you work there (linkedin?) - e.g. john.doe@mycompany.com and just by guessing the format it gets through to you.
Random guesses at your domain, you have a catch all and you click to confirm your email is real by ‘unsubscribing’.
Disable catch all, setup filters to catch the junk ones you’re receiving and stop clicking on spam links.
What companies house data is available for your company? Scraping a name off there is trivial.
Did you register your domain name yourself? If so registeredname@domainname.com can be easily be generated in code.
If not.... well... if you're using realname@domainname.com for real... then your email address isn't secret... and everyone using your domain using be getting myname@domainname could be getting spam assuming they are either the company owner, or someone influencing the decision making when it comes website or SEO work.
If not... well.... everycommonname@domainname.com can be sent this rubbish. Throw enough shit at the wall...
Which is why "they all are addressed to the same email address that doesn’t really exist" is more normal than not.
How many thousands of offers to build you an app, get you to the top of Google listings, what's your MOQ, how fast are payments, your inbox is locked, are you overpaying your business rates type emails end up in unaddressed or spam boxes every day? I'm going to guess at billions. Thousands of them will be seen. Hundreds of them will be acted on people who'll then be scammed.
No it's a very oddly spelt version of my first name at the domain name, which isn't a format used by any other company employee. So that is what is strange about it. Not sales or something guessable format wise.
Cheers anyway - deleting the catch all.
LinkedIn Sales Navigator.
That’s what it’s for.
I though that only applied to personal data, which a business email wouldn’t be classed as?
Work email addresses can still be personal data but in the case of spamming like this it's likely to be PECR, not GDPR that's being breached.
The amount of spam I get at work does my head in. Mainly seo and shopify related. Any tips for filtering it out?
At work? Complain to your IT department.