My Canary Email Sings - Craigslist.org Possibly Hacked
2021-Dec-07
I am getting spam directed to one of my canary email addresses. I would love to take credit for this idea, but, while I had used unique emails for different sites it was not until I had a conversation with Wade Warren https://www.linkedin.com/in/lwwarren that I did this with any intent.
A canary email gets its name from a canary in a coal mine, used for early detection of gas leaks, the canary would die or pass out before the miner would, and most gases are not easily detectable without igniting them.
My canary email that I use for craigslist.org where I used to purchase some secondhand items, until I started receiving too many fraudulent items - sound cards, disk drives, memory, cell phones even some fake china, and being lured to a section of Oakland with no street lights to buy an old cell phone. The buyer never showed, and the address did not exist. Thank you MapQuest. But overall the amount of great items I have been able to buy locally keeps me going back.
I have created a number of dummy accounts with throwaway email addresses and monitor if they are used. If i receive email from them that is not legitimate, usually of a virus or spam variety. These are not used by myself other than to create an account, so if spam is being directed to them usually that is because of a hack or some other security event.
Of course, this method is not full proof, this particular email address is not randomized and could be guessable or randomly generated. Also, this is an old email address, so if an intrusion happened it could have been as far back as almost two decades ago.
While this may seem like an interesting tactic, by the time I receive spam email from hacked service providers their being hacked has already been announced. In fact this is only one of three times I could not find a correlating hack or news article of where my canary email address may have been compromised. However, sometimes the compromised emails are used close to the hack announcements, which is kind of cool, but not very useful.
I contacted craigslist.org about this and will relay any pertinent information.
I also do this with phone numbers, for a little over a decade. Recently, my canary phone numbers are being hit with an almost daily by SMS messages. My legitimate phone numbers are also being hit, nothing revolutionary, except don't click links from those messages.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.