email address used for Avast now receiving spam

system · 2017-10-19T08:52:06.000Z

The email address that I use for Avast has only ever been used for that purpose. This morning I have received a ‘Mens Health’ spam message to that address. So, how did the spammers get hold of that email address?

I won’t go into details about how the addresses I use are formed, suffice it say that there are potentially tens of thousands and the Avast one is the only one in the past few months to receive spam.

Pondus · 2017-10-19T09:21:59.000Z

Email address harvesting
https://en.wikipedia.org/wiki/Email_address_harvesting

Directory Harvest Attack
https://en.wikipedia.org/wiki/Directory_Harvest_Attack

system · 2017-10-19T12:21:17.000Z

I wouldn’t put it past them. Years ago this would surprise me, but not anymore. Like many people, I use 1 junk address for installing software, etc., but then it’s hard to tell if 1 company is a culprit. That was a good test you did, so now you know. Yes it’s possible that there’s some small malware on your computer that monitors your keystrokes or Internet traffic, but it’s equally as possible that Avast really does sell the address list, or that their servers have malware on them.

If Avast does it intentionally, then of course they’re not going to tell you, but hopefully they’ll at least check their servers for any malware.

Pondus · 2017-10-19T13:34:15.000Z

D’oh! … @Todd_NC did you read my post above?

system · 2017-10-19T16:48:24.000Z

Pondus post:2:

Email address harvesting
https://en.wikipedia.org/wiki/Email_address_harvesting

Directory Harvest Attack
https://en.wikipedia.org/wiki/Directory_Harvest_Attack

The email address in question shouldn’t appear in any public location and so should not be accessible to any ‘harvester’. The variant suggested of using a dictionary attack (or even a brute force attack) would surely have resulted in many of my potential tens of thousand addresses receiving the spam - and the address used for Avast is the only one.

Announcements