How Spammers Wag The Dog By Exploiting Telus’ New Online Community, the Neighbourhood

Imagine you were a spammer looking for your next mark. Would you want to use the same tired old email lists or would you instead prefer to reach fresh new audiences without even having to use your own list?

Enter Telus Neighbourhood forums, apparently the phone company’s latest idea about building an online community no one asked for! I thought that was my job.

But the Telus Neighbourhood isn’t anything like the Agora. It unintentionally enables spammers to reach their targets before Telus customers even have accounts on the platform.

You read that right. It enables spammers to reach your inbox without knowing who they’re messaging. To get your ‘message’ you need to not only access their site, but actually set yourself up as a user. This is of course tracked, so if you’re on a phishing expedition, you’ve arrived.

Here’s what I received this morning:

1 Kp6A6Cr7Sa2FpkYcfJnvcg

Private you say? I do not think that word means what you think it means.

Upon clicking the (hidden) link to read the spammer’s message, it was clear that I do not actually have an account on this platform. At least not one I have access to. But Telus has a plan to instantly convert me:

1 hLol8QbnEIEZCmQ6morFow
What? No account? Why not register for one now and get all the spam you can eat!

To their credit, an unsubscribe link is included in the email. However, it hints that my account will continue to exist in the Neighbourhood. That means it will be inaccessible to you but may continue to accumulate spam on your behalf, for the foreseeable future.

This snafu is probably unintentional on the part of a company I personally think is one of the better ones. As Robert De Niro said in Wag the Dog: “They just didn’t think it through”.

1 inuAAnFqX00n4XK8q5DMAA
Privacy protection? Just don’t screw the pooch.