| View previous topic :: View next topic |
| Author |
Message |
dl97
Joined: 12 Sep 2005
Posts: 6
|
 Posted: Mon Jan 16, 2006 8:02 pm Post subject: |
 |
|
| Ameritrade sold my address to a spammer who sent 4 investment-related spams so far - "buy this stock now, exciting new developments driving up the price..." |
|
| Back to top |
|
 |
jgombos
Joined: 14 Dec 2005
Posts: 53
|
| Posted: Tue Jan 17, 2006 1:46 am Post subject: |
|
|
| dl97 wrote: |
| Ameritrade sold my address to a spammer who sent 4 investment-related spams so far - "buy this stock now, exciting new developments driving up the price..." |
Please post a couple, or send them to me privately. I would like to compare them to what I received. I don't need the headers - just the body.
Thanks!
UPDATE:dl97 sent me the bodies of a couple spams sent to his ameritrade address, and they matched what I recieved. So this validates my suspicion that someone internal to Ameritrade leaked our addresses. Ameritrade guarantees customers that they do not share or sell email addresses, so it seems this is legally actionable. Did anyone else get spam at an ameritrade unique spamgourmet address?
I'm not sure how we would prove to a court that spamgourmet's servers weren't harvested. |
|
| Back to top |
|
|
jgombos
Joined: 14 Dec 2005
Posts: 53
|
| Posted: Sat Feb 18, 2006 4:00 am Post subject: |
|
|
| Ameritrade never followed up. So I've filed a complaint with the BBB. |
|
| Back to top |
|
|
SysKoll
Joined: 28 Aug 2003
Posts: 868
|
| Posted: Sat Feb 18, 2006 4:22 pm Post subject: |
|
|
jgombos,
Could you please post here (or send me in a PM) the headers of spams you and dl97 got?
Thnak you.
_________________
-- SysKoll |
|
| Back to top |
|
|
SysKoll
Joined: 28 Aug 2003
Posts: 868
|
| Posted: Sat Feb 18, 2006 4:27 pm Post subject: |
|
|
| jgombos wrote: |
I'm not sure how we would prove to a court that spamgourmet's servers weren't harvested. |
First, you cannot prove a negative, so any lawyer who would even suggest this would be slapped down by his colleagues.
Second if it was the case, a lot more spammers would have been exploiting this by now. And if they had broken into our servers, they'd not bother sending email to easily refutable addresses, they'd go for the protected addresses.
Neither of these has been observed.
So application of Occam's razor suggest we go with the obvious first, that is, Ameritrade.
_________________
-- SysKoll
Last edited by SysKoll on Wed Mar 15, 2006 6:30 am; edited 2 times in total |
|
| Back to top |
|
|
tcgraham
Joined: 27 Oct 2003
Posts: 16
Location: Florida
|
| Posted: Tue Mar 14, 2006 9:33 pm Post subject: Applebee's restaurant |
|
|
I used a targeted email address to Applebee's restaurant . They have set the record for spam emails sent to me (probably a source other than Applebees)using the email address I sent to them.
Get this...........5600 emails in 24 months!
They either sold the address or let it out to a third parter mailer. Needless to say, I would never patronize their restaurants in the future.
Can anyone beat that one? |
|
| Back to top |
|
|
mysticturner
Joined: 12 Jun 2005
Posts: 38
Location: Dallas, TX
|
| Posted: Fri Mar 24, 2006 8:36 pm Post subject: Another Spam company - Ticketmaster |
|
|
| A newsletter/forum that I am on (called Ed Foster's Gripe Log) currently has a gripe going on about how Ticketmaster spams it's customers. The article is at http://www.gripe2ed.com/scoop/story/2006/3/20/1718/07851 and talks about the policy that Ticketmaster has. Basically, if you look at a ticketmaster site, you've given them the right to spam you. My experience confirms this. My SG account with TM has gotten 11 unwanted emails in the last three months, about 1 a week. Thanks to SG, they all got deleted. When I next buy tickets, I'll open the account back up for the confirmation emails and close it back down. |
|
| Back to top |
|
|
SysKoll
Joined: 28 Aug 2003
Posts: 868
|
| Posted: Sat Mar 25, 2006 4:25 am Post subject: |
|
|
Well, a lot of people out there call them Ticketbastards. They have several reasons, and spam is probably the least of them!
_________________
-- SysKoll |
|
| Back to top |
|
|
jgombos
Joined: 14 Dec 2005
Posts: 53
|
| Posted: Fri Apr 21, 2006 8:30 pm Post subject: Ameritrade response |
|
|
Ameritrade responded to my complaint to the BBB. Here's the body of that letter:
| Code: |
We received correspondence from the Better Business Bureau about your Ameritrade account.
I wanted to follow up with you about the Spam e-mails you received. I apologize for the delayed response and understand any frustration you may have experienced in this matter. Although we have been unable to determine the exact cause of the Spam, I wanted to inform you of what we do know.
We thoroughly reviewed our systems and data sent to third parties with access to e-mail addresses and found no misuse or compromises of any of our systems or storage mediums for e-mail addresses. Additionally, after further review of our systems, there is no indication that your account information held with Ameritrade has been compromised. Please be assured that we regularly contract leading edge security firms to conduct network and application penetration tests to test the security of our network and web presence. We also employ a staff of full time employees solely dedicated to Information Security.
At this time, we continue to work with the U.S. Securities and Exchange Commission to investigate this matter and the source of the Spam e-mails. Should further information become available, we will notify you of our findings. You may review our Privacy Statement at http://www.ameritrade.com/privacy.html and our Security Statement at http://www.ameritrade.com/tell_me_more/index.html?startpage=internet_security.fhtml.
We would appreciate your continued support in this matter. Should you receive further Spam to the above referenced e-mail address we ask that you please print and forward the information as soon as possible to:
Ameritrade Compliance
Attn: Jeffrey Plummer
P.O. Box 2148
Omaha, NE 68103-2148
I personally thank you for the opportunity to be of service in this matter.
Sincerely,
Jeffrey K. Plummer
Client and Regulatory Relations Analyst
Corporate Compliance
Ameritrade, Division of Ameritrade, Inc. Member NASD/ SIPC
|
|
|
| Back to top |
|
|
SysKoll
Joined: 28 Aug 2003
Posts: 868
|
| Posted: Sat Apr 22, 2006 3:46 pm Post subject: Re: Ameritrade response |
|
|
| jgombos wrote: |
Ameritrade responded to my complaint to the BBB. Here's the body of that letter:
| Code: |
We thoroughly reviewed our systems and data sent to third parties with access to e-mail addresses and found no misuse or compromises of any of our systems or storage mediums for e-mail addresses. Additionally, after further review of our systems, there is no indication that your account information held with Ameritrade has been compromised.
|
|
Translation: it's an insider job, as very often in this case. There have been several instances of dishonest employees who copied customers' contact info and sold it to a third party.
Considering that small-cap stock pump-and-dump scams can easily generate hundreds of thousands of dollars, I would not be surprised if a scam artist had bribed an Ameritrade employee.
Please make sure that you forward further stock spam to Mr. Plummer. It is worth investigating.
Plus, think of it. You might have just started an investigation that will either lead to the arrest of a scammer's accomplice at Ameritrade, or at least scare him enough that he will balk, refuse to continue leaking info, and, with a bit of luck, get shot by his former associaltes.  Man, you are a hero in the making!
_________________
-- SysKoll |
|
| Back to top |
|
|
mika84
Joined: 29 Jul 2004
Posts: 36
|
| Posted: Sun Apr 23, 2006 10:26 am Post subject: Re: Ameritrade response |
|
|
It's very easy to collect addresses, credit card information or so on. It's just about who's willing to give that information to "wrong hands".
It's all simply about morale. Some companies doesn't understand that unhappy employees are huge risk to company and it's customers.
I have in my hands over 200 000 credit card numbers (from last month), millions of active email addresses (last month) and so on. I can simply extract all that information from transaction logs. We offer ASP services to compoanies that sell their services to other companies and I have direct access to all that information.
Anyway most of people are honest enough not to missuse this kind of possiblity. There are a lot of services that you trust and they might still missuse your information. Most normal people doesn't think that when ever they use their credit card, they'll give away all information required to miss use that card.
So if you are summer employee in local supermarket you can copy all customer credit card information from server at that site. Possibly also have access to their bonus card information if it's used with credit card you'll have address information and so.
It would be interesting experience see how long I could steal and misuse information from systems before nobody can pinpoint leak to me. Maybe I won't directly steal information from systems. Because that would show up in access logs. Maybe I'll take my copies from backup copies. Because access to backups isn't logged in anyway. But there aren't too many persons allowed to do that.
If I steal information from only one of our customers systems, they might not shortly know that it's their ASP that steals information from their system. Because naturally they trust us. They might think it's their internal leak.
Miss using credit cards might lead to large scale investigation. But leaking email addresses? Hmm, maybe not. So I guess I might do that at least once and be damn sure that they couldn't pinpoint source of the leak. |
|
| Back to top |
|
|
jgombos
Joined: 14 Dec 2005
Posts: 53
|
| Posted: Wed May 10, 2006 2:22 pm Post subject: Ameritrade settlement |
|
|
I responded to Ameritrade essentially stating that investigating the attacker is inadequite, and that they need to take steps to ensure email addresses are protected from insiders. I also asked for compensation for the disclosure. Here is the body of their response:
| Ameritrade wrote: |
We appreciate your comments and suggestions regarding the Spam e-mails you have received. We will definitely keep you posted on any information that becomes available in this matter and of any future actions we take to mitigate the improper disclosure of your e-mail address. In the meantime, I have provided a copy of your letter to our Information Security department for their review. In an effort to help make up for your frustration, I’ve credited your account with 10 commission-free Internet equity trades good until November 1, 2006. This is everything I can do in this matter.
I personally thank you for the opportunity to be of service in this matter. On behalf of TD AMERITRADE, we look forward to serving your investment needs in the future.
|
It's a great response. That's the response I was looking for. |
|
| Back to top |
|
|
SysKoll
Joined: 28 Aug 2003
Posts: 868
|
| Posted: Wed May 10, 2006 6:13 pm Post subject: |
|
|
Not bad. I am really impressed with their Customer Relationship. They not only admitted that their was a screwup on their part, they actually compensated you for the breach of confidentiality. Most companies out there don't even recognize their might be a problem.
Please keep us posted if you hear anything from them again, jgombos.
Also, you might want to call an editor at Forbes or Money magazine to see if the story would interest them.
_________________
-- SysKoll |
|
| Back to top |
|
|
SysKoll
Joined: 28 Aug 2003
Posts: 868
|
| Posted: Mon Jul 24, 2006 4:29 am Post subject: Re: Ameritrade settlement |
|
|
| jgombos wrote: |
I responded to Ameritrade essentially stating that investigating the attacker is inadequite, and that they need to take steps to ensure email addresses are protected from insiders. I also asked for compensation for the disclosure. Here is the body of their response:
| Ameritrade wrote: |
We appreciate your comments and suggestions regarding the Spam e-mails you have received. We will definitely keep you posted on any information that becomes available in this matter and of any future actions we take to mitigate the improper disclosure of your e-mail address. In the meantime, I have provided a copy of your letter to our Information Security department for their review. In an effort to help make up for your frustration, I’ve credited your account with 10 commission-free Internet equity trades good until November 1, 2006. This is everything I can do in this matter.
I personally thank you for the opportunity to be of service in this matter. On behalf of TD AMERITRADE, we look forward to serving your investment needs in the future.
|
It's a great response. That's the response I was looking for. |
Any news on their "investigation"?
_________________
-- SysKoll |
|
| Back to top |
|
|
Paranoid2000
Joined: 15 Dec 2004
Posts: 71
|
| Posted: Wed Jul 26, 2006 10:52 pm Post subject: |
|
|
| Ameritrade don't appear to be the only online stockbroker "leaking" emails either - see the REAL Investor DBases W/ Full Info Specialham thread... |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
