Last year I outed ChemistDirect.co.uk as having given my email address to spammers in my article ChemistDirect.co.uk Exposed Me to Spam Email. Now, over a year later, I can out them once again.
After receiving the original email I decided to set them another trap, signing up with a number of different email addresses over a period of time, each with a date indicator in the email I supplied.
The format was as follows:
chemistdirect141592[yyymmdd] "at" jameswiseman.com
You can read more on my spam trap technique in this article
So, I few days ago I received an email addressed to ‘chemistdirect14159220101008′ ‘at’ jameswiseman.com. This meant that the email address I had given out on the 8th October 2010 (as indicated by the ’20101008′ part had been compromised)
The message was as follows:
I'm waiting for you,
Katelynn [web address]
Like previously, this redirected to a pharmaceutical website offering Viagra.
So, despite a comment purporting to be from their IT Department telling me that ‘We take user data security very seriously as our business depends on this’ it seems that ChemistDirect are still up to their old tricks.
And, if the email addresses are compromised, how safe are the credit card details that you are submitting?
Just a thought.
The shame of ChemistDirect.co.uk (note, not hyperlinked) continued today with the receipt of my sixth spam email:
Not, a huge amount, granted, but still six more than I would have cared for, and I am still not sure what else has been compromised. To date, they are the only company so far that have compromised my email address.
So, following the advice in one of the comments against my original post, I will be contacting the The Information Commissioner’s Office in the UK. I’m not being hasty, so have read their complaints procedure.
First, tell the organisation concerned and give it an opportunity to put things right. Many data protection problems can be solved quickly without us getting involved.
Well, of course, if you read my original post then you will know I did try to contact them, and even left my mobile number at the request of the bewildered operator. I have received no reply since.
Meanwhile, it’s worth checking out the words of the company’s founder, Mitesh Soma, featured here in an article from the Times Newspaper:
“To run a successful online business like this you need good managers in customer service, finance, operations and IT. You need people who are hungry to succeed but who have also been there before.”
Might I add the following: “Stringent security for the protection of personal data”, and “An effective means of investigating and handling data protection breaches.” Neither of which has been demonstrated to me.
In this blog entry I wrote about my spam-trap email system:
My email account is set up such that all mails sent to @JamesWiseman.com will end up in the same mailbox. So, think of a word, put it in front of @JamesWiseman.com, send me an email, and I will get it.
So, when I sign up for SomeService.com, the email address I give is ‘firstname.lastname@example.org’.
Today, I recieved a spam email with a ‘To’ address that contained the name ‘ChemistDirect’. I bought some earplugs from them half a year ago.
The email wasn’t ‘From’ Chemist Direct, and it was offering me Viagara. It is, of course, illegal to buy precription drugs without a prescription, so ChemistDirect.co.uk have appeared to pass my email onto an organisation involved in facilitating criminal activities.
And it appears, that you don’t have to look far to find other examples of this, and poor customer service: http://forums.moneysavingexpert.com/showthread.php?p=36648375. You can even try your own google search!
So what did I do?. Well, I called them up, and spoke to a bewildered operator who told me to email them! Like I’m going to give another address out, and I’m not going to mess around actually setting up a ChemistDirect@ email account on my domain.