Lately, I’ve noticed a new twist to the spam in my Junk Mail folder: The Viagra Pushers and Loan Givers include my full name in their subject line. I assume they’ve somehow raided my Windows User Profile – though I’m not even sure that my full name is there, now that I think about it. Any clues as to how it happens? And how can this unnerving practice can be stopped?
Companies you have previously conducted business with have sold the personal information you provided them, and it has likely, in a round-about way, ended up being sold to the spammers.
Eg, you shopped somewhere online and purchased something from someone with a negligible sense of morality.
Trade and Industry magazine purveyors are also notorius for selling their subscriber information to other mailing lists and such, and you frequently end up on spammer lists that way.
Just another reason why you should use disposable email addresses as much as possible, especially when you can create tracability so you know who sold your address.
If your e-mail messages have your full name in the headers, and someone you correspond with got a spam generating virus that raided their inbox, or address book they could have gotten your name from that.
As a data point:
I have run several domains in the past decade for various professional and personal projects, and have, as a result, been postmaster. A few of those domains still exist, though they are not being actively updated, and rather than maintain each of the e-mail addresses as separate accounts, I funnel all the mail from those domains into a catch-all account. This adds up to thousands of spam a day (many of which are clearly invented addesses that never existed – e.g. spammers randomly combine the account names and domains on their lists in the usually vain hope of accidentally hitting a valid address: if there is a jsmith at Microsoft, maybe there’s one at mydomain, too. The scum!)
I have, however always been careful about giving out my actual name, and as a result I use it as a major filter term. Any mail that uses my first or last name (both unusual) immediately gets filtered to my primary inbox.
I can’t recall the last time a genuine spam appeared with my name on it. Sometimes I will see one that is directly traceable to a commercial source (I’ve used false middle initials, typos or middle names to track the origin of junk mail since the 80s, and continued the practice on the Internet), but even this is fairly rare (e.g. one or two new sources a month, which I immediately filter to “junk” – a small number, considering that I’ve been an ardent e-mail user since 1977)
I suppose I was lucky. I didn’t begin to actively protect my real name until roughly 1997, and three of my early Web/USEnet “alteregos” from 1997 still get hundreds of spam a day, though they have always been filtered, unread and without response. If I’d waited another few months, things could have been much worse.