Fake Antivirus by Email

@Michael: Don’t be surprised if your email address is sold, especially if you are using a free email service (aka yahoo, hotmail, gmail, et al). As you mentioned, even if you don’t give it out per-se, the mere act of sending an email from that account you’ve potentially exposed your email address.

Send an email to dear old mom and dad, who happen to have an infected machine – “poof” you email is now out for distribution. Use a email address to sign into a website? Again, potentially another source. Given an email address to a government agency, cell phone provider, etc,, etc., etc., and your email address is out there.

Some are even known to brute force names at common email servers. The ones that don’t bounce back are potential useable. So if you go into the phonebook, look up a person, see where they live, identify ISPs, you’ve got a start (they have comcast, att, verizon, yahoo, gmail, email, etc) – figure out potential username, from the first/last name – and just brute force it and fire away and see what happens. Or one could just purchase a list from legal or non-legal source.

The biggest problem is, you really don’t know where your information is, who has access to it, who might share it, and if it been breached or not. Unfortunately there is no privacy anymore, despite the illusions of privacy policies (which always seem have a “we can change at anytime clause”, and “use constitutes acceptance of new terms”). Which basically translates to, we say we will only do this, but should it be convenient for us, we can do whatever we want, and there ain’t a thing you can do about it!

If you want some enlightening reading, do a search on “FaceBook and shadow profiles” – talk about a constructive method of gathering information. (Shadow Profile – a profile that is constructed on a person, from data that others provide, despite being a non-user of a site.)