ASB Bank, compromised?

Posted by Kris Price | May 23, 2009 | No Comments

Since I got my domain name, back in 2000, I’ve been running an experiment on spam. Whenever asked for an email address, such as when signing up for a website, or making a paper application for bank account, I create and provide a unique alias for that website or company in question. It has been interesting to track where spam comes to. The most spammed address is the one I used for ICQ. There have been a few obvious cases where it appears dodgy websites have leaked the email address, but the first seriously concerning case has happened recently.

Back in April of this year I started to recieve spam to the unique email address I gave ASB Bank. What does this mean? Well the possibilities are:

1. My computer or webserver was compromised, and my list of mail aliases escaped onto a spam list. But this doesn’t add up. I don’t seem to be compromised, and more tellingly there hasn’t been any other cases of this, which would be statistically strange given the list of aliases is very long.
2. I somehow mucked up, and entered the same email address on a website that turned out to be dodgy. This doesn’t seem likely, because the email address is distinctly identifiable as intended for ASB Bank.
3. I sent an email from that address to someone else, not at ASB Bank, where it escaped. But that one doesn’t add up either, because my records seem to show no outbound email from that address, and only a few legitimate inbound emails to it (the last in October 2008).
4. An employee at ASB Bank has extracted the email addresses from their database and sold them. I hope this isn’t the case, but it always is a slim possibility.
5. A computer at ASB Bank was compromised, and the email addresses were harvested that way.

This last one seems more likely.

Comments

• Upcoming Posts

• Links

  • Arch Centre
  • Eye of the Fish
  • Flickr
  • NZ FTTH Blog

• Misc Stuff

  • I am also blogging on the subject of FTTH over here.
  • I tried to make better use of referendums, but it didn't work. It was appreciated by some, just too few.

• Latest: NZ FTTH Blog

  • 25,000 kms of fibre, really? 31 May 2010
  • Roads vs. FTTH 1 June 2009
  • Point-to-point vs. PON 1 June 2009
  • News Roundup 14 May 2009
  • The Australian Estimate 14 May 2009

• Flickr

  I am (very) slowly uploading photos to flickr.

• About

  Everyone seems to be doing this microblog thing. (See The Daily Show for an explanation of "microblog".) So I thought I'd take it back a decade and do the macroblog thing. (Ha! Take that, Zeitgeist.)

  The intention is was to write one post each week over 50 weeks. The anticipated result is a lot of unoriginal thought.

  The other intention is to sort and tidy my projects for uploading.

  This is an experimental blog, so fast and loose opinions are likely. They are, of course, my own at the time of writing, and naturally subject to change.

• Search
• Search for:

• Archives

  • February 2010
  • May 2009
  • April 2009
  • March 2009

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org