Your online background check is now public!

Published: 2014-09-17. Last Updated: 2014-09-17 22:33:39 UTC
by Daniel Wesemann (Version: 1)
7 comment(s)

An email titled "Your online background check is now public" might be half-scary if it was sent to a real person. But if it is a bunch of honeypot email addresses that have nobody associated to them in real life, and they get half a dozen of these emails per week, then it can only be spam, scam, or - most likely - both.

After tolerating and binning these noisy emails for a number of weeks, we finally decided to take a look-see on what is behind them. Turns out they all lead to "instantcheckmate-dot-com", who are peddling "background investigation services".

Sadly, the "background check" for our Honeypot actually wasn't all that extensive. I would have loved to read about the sleazy hidden life of our little Honeypot, especially its speeding tickets (highly unlikely, it is an old i486) and its convictions for possession (more likely, given that on past occasions, smoke has been seen coming from the enclosure), or its sex offenses (unlikely again, given that its ports are all serial, and its slots are all ISA :).

We didn't try the Instant Checkmate "service", so I can't tell if its any good. But given that its offerings apparently need to be spammed, and the spammed URLs change daily, and redirect across four hops to end up on tcgtrkr-dot-com, and finally on instantcheckmate, I'd say the odds are they ain't up to much good.

If you own this "service", you are welcome to comment, after all, your background check is now public :). If you prefer not to comment, you might want to consider removing email addresses that have the word "sans" in them from your spam list, maybe?

Keywords: spam
7 comment(s)
ISC StormCast for Wednesday, September 17th 2014 http://isc.sans.edu/podcastdetail.html?id=4151

Comments


Diary Archives