Buy Today!
Book Cover
The Music Video
You've got to see it to believe it: Check out the "Mister Spam Man" video at YouTube.
Search Dispatches
Archives
May 2019
March 2019
August 2018
July 2018
June 2018
May 2018
April 2018
December 2017
November 2017
September 2017
August 2017
July 2017
February 2017
March 2016
January 2016
November 2015
May 2015
April 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
April 2013
February 2013
January 2013
December 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
Dispatches RSS Feed
Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Maybe I Expect Too Much Logic | Main | Phishers Desperate to Look More Ophicial »

June 14, 2005

Brand Name Survey Scams

I must have the likely suspects of "survey" spammers in my spam filters because it's now rare that I get to see the contents of the messages (they get trashed on the server after logging the Subject: line). But one slipped through the filters today, reminding me about how dastardly these liars are.

This one's Subject: line would attract the attention of any chocoholic:

Hershey bar Survey: Milk Chocolate vs. Dark

The From: field read:

Hershey's Survey

Whenever I see a respected brand name hurled about in an email message Subject: or From: line, my scam radar goes into high-sensitivity mode. Therefore, rather than rush to open and view the message, I check out the source code first.

The originator of this message identified himself as a domain whose name contained the word "offer." That the message did not originate from a Hershey's server is not alarming. It's not uncommon for big companies to contract outside services for market research.

But then I did a little digging on the domain name. A distinctive stench began to waft my way. The telephone and FAX numbers of the registrant were—and I'm not afraid of revealing too much by publishing the numbers here—+1.5555555555. Veteran U.S. film and TV watchers know that the 555 telephone prefix is reserved by phone companies in every area code as a non-working prefix for use in offline demonstrations, movies, and what-not. That's to prevent film buffs and whackos from dialing a number mentioned in a movie to see who answers (usually some little old lady who eventually has to change her number).

The name of the registrant or contact email address had no match to the "offer" domain name, although the word "media" appears in the company name (by now you're probably getting the picture). Moreover, the Chicago street address turns out to be a UPS (formerly Mailboxes etc.) store.

My question is, therefore, would a company, such as The Hershey Company, hire a firm: a) whose mailing address is a personal mailbox at a UPS store; b) who provides bogus domain registration info; and c) mails from a nondescript domain that is not quite one month old?

Looking into the message body, I find some additional disturbing things. Like the fact that viewing the message in a regular HTML email window loads several images from two other domains, each image URL containing an affiliate ID. Thus, each view of the message may earn brownie points or cents for the sender.

The clickable links also are coded with a hairy identification number of some kind (divided into four segments). The number is certainly long enough to correspond to my email address entry in the sender's database, while the other numbers could identify the message to help the sender know which version of the pitch I'd be responding to.

There is little plain-view text in the message. I presume most of the come-on is in the images—which I won't download or view. But the text I do see invites me to click to learn more about 10 pounds of complimentary chocolate or a $50 restaurant gift card. Hmm, they don't say it's Hershey's chocolate. Nor do they say that I'd definitely get one of these things for clicking "there." With such a great risk of confirming my address to the sender, I won't click the link to see where it leads.

(I don't know what kind of information the survey asks of its participants, but the lure of ten pounds of chocolate may be enough to pry some sensitive data. According to a BBC News article, 70% of surveyed Liverpool, England commuters were willing to divulge their computer passwords for a mere bar of chocolate. For ten pounds of chocolate, they'd probably hand over their first-born children.)

I tried contacting Hershey's to see if this survey is legitimate, and whether this message was a proper use of the company's trademark (there were no trademark assertions in the text portion of the message). Unfortunately, too many Big Companies make it nearly impossible for Joe Average to get in touch with anyone who can dish out the straight poop.

(About a year ago, I got a survey mailing that claimed to be from the Wall Street Journal—I'm a subscriber. Treating the message with the same "radioactive waste" care described here, I did get in contact with someone at the Journal who confirmed that the survey was legitimate and under contract to Dow Jones. But she also noted that in my subscription details, I had asked not to be contacted. That I received the survey request was a mistake, and to compensate me for my troubles, she extended my subscription by several months. I thought that was pretty classy.)

Call me suspicious, but I strongly doubt that this message links to a Hershey's-sponsored survey. Instead, it's most likely a scam to collect your email address and perhaps some other demographic data that will be sold to others as a "targeted" email address. The address will be current (or, as one bulk email marketer called them in email messages collected by court subpoena, "freshies"), and will become a valuable asset to this spammer. You'll reap the benefit of even more spam to that address—long after the zits from eating ten pounds of chocolate have receded (as if you'd actually get the chocolate).

As for my chocolate preference, it's dark chocolate. The Hershey Company probably already knows that.

Posted on June 14, 2005 at 05:00 PM