“Forward this email to every special woman in your life, and don’t forget to send it back to me so I’ll know…”
Have you ever shared an email chain letter like this? It’s hard to resist. You feel as if the woman who sent it to you, who thinks you’re special, will believe you don’t feel the same way about her if you don’t send it back. Yet, if you do join the chain, you are setting yourself and your friends up for address book harvesting.
The addresses are typically used by, or sold to, spammers. Next thing you know, your friends begin receiving spam that appears to come from you, their friends get spam that appears to come from them, and so on. Now you all have to change your email addresses and notify everyone of the change. For a small business owner like me, this would be expensive as well. I would have to reprint business cards, letterhead, etc.
It gets worse. Although spam sales pitches may be the most common use of harvested email addresses, they can also be used in cons such as phishing, which try to trick people into divulging personal information that can, in turn, lead to identity theft or other crimes.
Spammers word their messages to make them hard to resist. A little boy won’t get his dying wish unless you forward the email. Or, as in the example above, your friend will think you don’t care about her. These tugs on the heartstrings are precisely the red flags we should look for before joining a chain.
But email isn’t the only vehicle for data mining. How many times a day do you see something like this on Facebook: “Click’ share’ if you love your mother” or “Most of you won’t care enough to repost this, but…”?
The first (and only) time I tried to share something of this nature, it didn’t work. What did happen was that my Mac computer began acting strange till I restarted it. My tech consultant told me that was probably because some windows-based malware was trying, and failing, to install itself on my Mac.
The likely result of sharing such posts on Facebook will not be address harvesting, but rather, mining of information about your likes and dislikes. Do you love someone who has cancer? Do you have a soft spot for our troops? Is your mom still living?
What do the compliance professionals who start these things do with the info? I’d like to think that they only use it to target you with certain ads, but who knows? Criminals continually invent new ways to abuse your information. To me, one of the scariest uses of malware is covertly using your computer to store and send out copyrighted material the criminal has pirated.
Does this mean that every email that urges you to forward is a vehicle for spammers and thieves? Does it mean that you can’t safely share any appeal on Facebook? No. But if you really think your friends are “special,” you can avoid setting them up to be victimized.
First, look for a guilt trip in the message. This is what interests me as a persuasion specialist. The guilt trip is what makes the call to forward or share so irresistible. It engages an auto pilot response hard-wired into your brain, and so, I classify it as one of the “Dark Arts” of persuasion.
Some guilt trips are subtle, as in “Forward this to everyone you care about. I hope you send it back to me.” It indirectly suggests that, if you don’t send it back to the person who sent it to you, he has a right to, and will, feel that you don’t care about him.
Other guilt trips are more overt. They may take the form of a challenge. “Ninety-nine percent of you won’t repost this. Shame on them. Stroke survivors deserve our support. Show that you are one of the few who care enough to click the share button.”
As for email, another red flag is the request to forward to some set of people, including the one who sent it to you. This sets up that chain reaction so that your addresses eventually get back to the compliance professional who started the whole thing rolling.
In Facebook posts, the request to share and/or like will usually appear in the body of the shared material, rather than in the comments of your own FB friend who posted that image. Sometimes the image will also urge you to “like” the post.
What about a call to share that does not appear in the image posted, nor in the comment of the friend who posted it? For example you sign an online petition to increase funding for school arts programs, small farm assistance, or some other cause you feel is worthy. After clicking the “sign” button, you see a new screen urging you to share the petition on social media. Frankly, I can’t be sure what happens in such situations. I would hope that, in the case of a legitimate charitable or social outreach organization, for example, your information would be used only to target you for similar charitable appeals, rather than to infect your computer with malware or to make you the victim of a serious crime. But I certainly don’t claim to know that for sure.
So how do we resist without offending our friends and colleagues? First, remember that nobody else has the authority or the right to unilaterally dictate the test of whether or not you love your mother or support our troops. The fact that they take it upon themselves to set you up doesn’t mean that their test is valid. It’s as if someone says, “If you don’t jump off your roof, you’re a wimp.” Failure to jump doesn’t make you a wimp because he said so. But jumping to prove you’re not a wimp says something about your lack of street smarts.
When I get a chain email from a friend, I initiate an original email to her or him thanking them for their kind thoughts, assuring them that I feel the same way about them, and simply stating that I have a rule of never engaging in chain letters.
But if you can’t resist sharing the exact message, copy and paste it into a new email to the sender and any other friends. That should cut the original spammer out of the chain. To avoid setting up a new chain of your own, delete the part about forwarding to certain people including the sender.
Also, instead of addressing the new email to your friends directly, address it to yourself and bcc everyone else. This avoids exposing your friends’ email addresses to others. In fact, this is a good practice anytime you send email to multiple people who don’t already know one another.
As for Facebook posts, always remember that, no matter how you set your privacy and security parameters, social media is never really private. If you are interested in maximum self-protection from data mining, don’t share or like a post containing the red flags identified above. Again, if the content is really that important to you, try re-creating it in an original post of your own. And if you are concerned about offending the friends who posted the suspect content, you can message them personally.
The downside of such self-protection is that some of your friends may still take offense if you don’t forward or share their messages. My tech consultant tells me he has quit trying to warn people about data mining because, so often, these people become annoyed, or even angry, with him. Only you can decide how you will prioritize privacy versus annoyance.
So I’m sticking my neck out a bit here, hoping I don’t offend any of you, and that you’ll comment or contact me if I did, so that I can make it right. As always, my goal in my “DADA” articles is to give you the tools to protect yourself. You decide what, if anything, to do with those tools.