The Canadian Internet Registration Authority (CIRA) manages .ca top-level domains and they are proud of the fact that few spam goes through any related email addresses. This has always been the case for me, I didn’t get any spam from a .ca domain, well, until the 2nd of February. I wasn’t happy.
This is what I found out about the spam:
- The company from which the spam originated haven’t been as communicative as they should be which has made it quite tiresome to resolve.
- The company did say they experienced a hack but didn’t say whether my details had been lifted from their system, I am waiting for that response.
- I found out that behind the company domain they are using the Google system. According to Spamhaus, Google is one of the worst ISPs for spam.
- There was a suspicious link in the email which went to a company called Beezer, they are a click-and-drag app development provider based in Scotland. With plenty of security and my VPN on I clicked on the link, and it looks as though the company I received the spam from has an account there, sub-domain and lots of branding. On the page it had a link to view a document, I clicked on that and asked me for a Microsoft username and password, obviously, I went no further than that. I’m not convinced it was actually a hack, the company could have uploaded my details to the Beezer system, without my permission, to do some testing.
- In the meantime, I have blacklisted the email address from until I am satisfied it won’t happen again.
There are certain protocols a company should use when their business email is hacked into. The company I received the spam from appears to be failing to follow these steps. There are many resources online including this one from Crazy Egg.