Spam and why pharmacies ought not send it

[Magician]

I've had a particular email address for over a decade, in disuse. Because it's a complicated email address, for a decade it has gotten only a handful of spam (Unsolicited Commercial Email, UCE as it is officially called) per year. Per YEAR. Whilst my active address gets around 150 per day.

I used the disused address for the five pharmacies on here which I have ordered from, starting a year ago. This week, all of a sudden, eight spams came in over a 2 day period. Almost an entire years worth, in 2 days. Conclusion: one of our listed pharmacies either sold my email address, or got hacked into. No, my computer wasn't hacked. I have no viruses.

Why did they do this? They already have me as a customer, why should they want to piss me off? Obviously I will begin setting traps to find out who leaked my email address. I am NOT happy. They HAD my custom, they WILL now lose it.

[riplayne]

Pissing off your customers is a pretty crappy business model, but then again it seems to work well enough for Microsoft, Bank of America, Comcast, etc.

Seriously though, if you're able to figure out who it is, I'd be pretty interested. I imagine most people on the forum would be. Just be sure to be 100% certain before calling them out publicly.

[islode]

i have one vendor that has been around for years. well about a few days after my order came my spam box is full or dr so and so sent you this. I will order from them again but i am sure it is them and i am wondering if i put my email address in again will i get double the spam. who actually uses these spammers.

[rustydragonlord1979]

I can't believe they would jeopardize their customer base for a few extra bucks. I wonder how much a persons name is worth on average? One would figure that constant ordering from a customer is enough. Why pass the business from that individual?

[dainsleif]

It's the price we pay, but scam is a quick way to make something look less than legit.

[Magician]

Seriously though, if you're able to figure out who it is, I'd be pretty interested. I imagine most people on the forum would be. Just be sure to be 100% certain before calling them out publicly.

I have now determined with utter certainty (no doubt whatsoever) which online pharmacy leaked my email address, causing the increase in junk mail. I have also determined that it had the potential for severe financial damage to me, had I been a bit less careful.

I am unable to say how the leak occurred, except to say that my computer has no virus or malware on it, and I have not used anonymous or public wi-fi in connection with this pharmacy. So the responsibility is 100% theirs, and there are several possible ways it could have happened, from a non-secure billing/payment system to a hacked computer system to unethical employees. I will likely never know. I will never do business with them again. I reported the breach to them and their response was wholly unsatisfactory.

At present I am unwilling to name the company here, for several reasons (though I do wish I could, even though they sent me good medicine as promised). However, the lessons are the same.

The lessons I strongly recommend that you learn from my experience are:
1. Use a unique email address & password for every different pharmacy you interact with. Use that email address for nothing else. It is easy to get free "disposable" email addresses from various online services.
2. Use a "strong" username and password, for both the pharmacy account and for your email, and which includes no element of personally identifiable information, but which does include mixtures of letters and numbers and symbols, upper case and lower case. Use no words which can be found in dictionaries or phone books.
3. Follow the above guidelines for all your internet purchases and all your internet websites. The crooks know that it is likely that you use the same name & password for email and banking and Ebay and Amazon and even your taxes. This is not to suggest that the merchants themselves are crooks, but rather that their employees may be ill-trained or incompetent or unable to protect your information, either in hardcopy or on the company computer systems.

Think about all those Facebook "friend" requests you get, and realize that they often come from your friends who may not realize that Facebook has accessed their email lists and buddy lists from other services to extract YOUR name. The same thing happens in companies. The secretary processing orders has a nice file of all the information on thousands of clients, and at lunch he plays an online poker game or something, which invisibly and without his knowledge harvests the data from these lists. Your data. The only way to save yourself is to use unique information for every company and site.

Because of the privacy and legal issues surrounding many online pharmacy purchases, these sites are especially targeted by criminals. I did not find a thread in the "general advice" forum that mentions this, but perhaps these pointers could be incorporated somewhere. Maybe they will help someone.

[QVC1212]

@Magician Fascinating material. Thank you Magician! I shall assimilate all of your distinct suggestions into my online practices, thereby hoping to prevent such an event from occurring to me. Some of the practices, such as unique and varied ID/passwords, I use already. It's interesting that you mention Facebook. I am somewhat dependent on FB for contact with certain friends, or else I would delete the account. But I have gotten friend requests from bill collectors seeking to gain access to my phone information, which they did. I had to delete the friend, and change my phone number and now pay a monthly service fee to comcast to keep it unlisted. Now I reject all friend requests unless absolutely certain that I know them in person. Ironically, I make friend requests to people I've never met in person all the time, just because I find them attractive or interesting.

@drboris I believe this is valuable information. I second Magician's motion to put it into the general help section, or somewhere where it would be read by more people seeking to learn about this unique and sometimes murky IOP world.

Would you re-consider your decision to share the name of the op? If you truly distrust them, it would be a gesture of beneficence to share the name with other members.

[semantical]

This is really helpful information for someone new to using online pharmacies, so thanks. I too have recently noticed a huge increase in the amount of spam I have been receiving, but I'm not sure I can link it back to anyone in particular.

I'll definitely follow this advice and be more careful in future!

[RxGuru09]

What horrible customer service. As if people don't get enough spam already, why would any respectable OP want to add fuel to the fire.

I think one should always read the privacy policy of any online pharmacy they order from. If the OP doesn't have a privacy policy in place, I don't think I would want to order from them.

Also, it's important to make sure any OP you order from offers SSL encryption on any webpage which deals with your personal information. You can verify if they use SSL encryption but looking for https:// in the address bar.

Finally, free e-mail accounts are easy to set up nowadays. I'd say if you're gonna order from an online pharmacy, you should use a newly created e-mail account and see if you get any spam to it after you place your order. If you don't get any spam after several weeks/months then you can probably trust the OP you ordered from and start using your real e-mail with them.

By the way, why don't you tell us which OP it was? I thought that was the purpose of these forums, to be the whistle blower on OP sites that do things like this.