HugeCrush.com -- spamming sophistication
2002-07-15 01:00:00 UTC
This week's award for sophistication in spamming goes to... HugeCrush.com.
I just got an email with the subject "Someone has a huge crush on you" which I took to be spam as soon as I saw it and I very nearly deleted it. But just before I hit the delete key, the lonely yet optimistic romantic in me got the better of me and I stopped to check it out.
The email begins:
Dear Colin Robertson,
Someone has a huge crush on you.
hugecrush.com has registered that someone has a huge crush on you. To find out who, please click on: http://email@example.com
If the above link does not work, please visit http://www.hugecrush.com and login using your email address.
They know my name. That's a good start. But it's not a brilliant start. They've capitalised my name, which a lot of the people who know me personally know that I don't do. They've also used an email address which I haven't given out to anyone for a year or so and which is now pretty much left to the spammers. So while it could be a from a real person, it would have to be from someone who's known me over a year and who hasn't yet discovered that I have a new email address.
So my first assumption when I'm asked to log in using my email address is that they want to verify that the address exists and is in use, thus increasing the value of the address list they sell. I don't play their game. I log in using the distinctly implausible address firstname.lastname@example.org. Even more implausibly, I'm told that this address has one crush on it.
So I click through some of the clues to the identity of "mazzy's" secret admirer and all I get is a set of very generic statements: "I may already have a partner", "I wish I had met you years ago", etc. And I have the option of making a guess as to who this person might be by entering their email address.
There's also an "Open" button, presumably for finding out the identity of this person. I click on it and my browser asks whether I want to download a .exe file.
Yep, this is all far too suspicious to be believable, but you've got to admire their cunning. They send out a few emails to lonely losers like myself, the more gullible of whom will visit the site and, as they make their guesses, will enter a few more email addresses of people they know. Those people will then receive emails telling them someone has a crush on them and the process will be repeated. And the email addresses they receive will all be real, in-use addresses. It sure beats spidering websites.
Some other warning signs: The site carries no advertising. Unless someone is doing this as a labor of love, they must have some way of covering their costs. Also running whois hugecrush.com tells me that the domain name has been registered by someone in Hong Kong who gives their name only as "Crush, Huge".
The site also has a page from which you can send your own crush messages (though curiously hidden, as if they're expecting more of their visitors to be the recipients of the emails rather than the senders). So it may actually be possible that there's someone out there who does have a crush on me and has seen fit to tell me through this website rather than in person. It may even be the case that this website has actually recorded that information rather than just the email addresses involved. But sadly, I fear the chances are against it.