I have one of those email addresses that’s generic enough to be accidentally entered as I signed up for it with a particular service back when they first launched their email service. Without typing it out for all the world to see, it’s basically my name. It’s such a generic email address that I get sent all sorts of things accidentally. I wrote a blog post about it a while back, you should probably read that before continuing to read this one.
Since then, things have gotten worse. I’m not just getting people emailing me by accident, I’m also getting people signing up for things using my email address. This is absolutely baffling and utterly frustrating, primarily because I work in I.T. and take the following stance:
The earliest example I can remember of someone using my email was for a banking service in America. The bank emailed me to let me know that they had set up an account and would be using the email to send secure documents and passwords and the like. This is a bit like a mouse proclaiming that a lion’s mouth is the door to their new home and voluntarily walking in past the sharp teeth and into the stomach. A less scrupulous person would have possibly considered asking them to transfer monies to another account (their own) and then shut the account down. As it stands what I actually did was contact the bank and informed them that they had the email address incorrect. I can only imagine the embarrassment for the bank that this should have happened.
I had someone’s plane tickets come through to me once. I then had to send a support ticket to the airline to get in touch with the person as they presumably hadn’t received their tickets. I genuinely think this one was a typo instead of an act of ignorance.
We now move on to the situations where I genuinely believe that someone has signed up for accounts using my email address, presumably not thinking that it is a real email address.
The first occasion was for a Christmas messaging site. I can’t remember the domain but I believe it was a John Lewis thing or some such, a website where you could generate videos with messages to people. I think some kid signed up to the site using my email and naively just assumed it wasn’t a real address. Either way they locked themselves out (I know because I received the password reset emails) and then because I like to channel the spirit of Ebenezer Scrooge I reset the password myself, logged into the account and deleted it from the face of the earth.
The second notable occasion was for some body and health shopping website. I received the “thanks for signing up!” emails along with a load of newsletters for them I didn’t want. This one was dodgier as, once I’d reset the password and logged into the account, I discovered that the account actually had banking details and a street address! Rather than delete the account I changed the email address and password and then sent a text message to the person’s mobile using a free web SMS service claiming that the shop had had to reset the password due to a data breach. I also, at the suggestion of some work colleagues, sent a Gideon’s bible via a web service1 to their address along with the personalised message of “please stop using my bloody email address”. I actually have no idea if the text message or the bible got through or if the person ever got back into their account.
It had been a while since any incidents like this to the point where I actually had the fatal thought the other day of “it’s the end of the year and nobody has signed up for anything with my email address for once, how nice!”.
On boxing day I received an email from Apple informing me that Shannon Payne had signed into their iPhone 6+ using their new Apple ID. The staggering, baffling thing was that she had signed for an Apple ID using my email address. Even more frustratingly I was actually looking to sign up for my own Apple ID very soon as there are various iTunes exclusive tracks I need to add to my extensive music collection.
So I thought “that’s fine, I’ll just claim the account because it’s my frigging email address, delete all of her info and use it for my own nefarious purposes”. Oh ho, if only it were that simple!
You see, Apple are one of the more secure tech companies out there. While I managed to reset the password with no problems, Shannon had been prompted to provide three security questions! Bollocks.
Boxing day evening was spent on the phone to Apple support regarding a problem I had with an account I didn’t create2. To my pleasure the first support agent was as confused to the situation as I was, because why would somebody willingly sign up to something using somebody else’s email address? The chap put me on hold for five minutes and consulted an advisor. When he got back to me he had the following:
“It’s alright Mr. Payne, since Shannon doesn’t have access to the email address she won’t be able to verify that it’s her email. So you should be able to sign up for an Apple ID and you can then verify the email to your account as you actually have access to the email address.”
Brilliant! Makes sense. I confirmed that two separate emails had been sent to me already asking Shannon to verify and I had not clicked the links in either. Hanging up, I went to create an account…
…Only there’s another problem. The Apple ID is the email address. Because Shannon has already used my email address I can’t enter that email address as the one I want to use. It’s already been claimed. Frustrated, I got back on the phone to Apple support and explained to a second support agent the situation in reference to the ref no. of the support ticket I already had open. This support agent is just as baffled as the first as to why this Shannon lady has done this but confirms the advice of the first support agent.
“That’s fine,” I said, “but when does the email verification period expire? I have both of the verification emails and I have clicked neither link, but I also cannot create my own Apple ID with that email as it’s already been claimed!”
I reiterate the point that, as far as I’m concerned, this is a breach of privacy in terms of my email address. We’re now at a stalemate; I can’t claim the account because Shannon has locked it with security questions but she equally can’t get back into the account as I’ve changed the password! If anything the account should default back to me as it’s my frigging email address.
I just want to reiterate that I don’t want access to Shannon’s bank details or to do anything malicious like remotely wipe her phone. I just want control of any accounts that utilise my email address, mostly so I can lock them down or, if I don’t need them any more, delete them. Incidentally, I would happily reach out to Shannon directly, except there’s about 30+ Shannon Paynes on Facebook and, haha, I don’t know what her email address is as she keeps using mine.
As it currently stands Apple have had to escalate the issue to their engineers and one of them sent me a code I had to read out to confirm that it is my email address. I’ve noticed that the Apple ID can’t be logged into at the moment and I can’t reset the password on it so I guess they’re doing something with the account. Fair play to Apple, for a company I’ve always been cynical about their tech support seems very prompt and understanding. I’m quite impressed.
In these situations I find myself being made the villain. If I was actually a malicious hacker and complete bastard this is the ideal situation of people signing up to accounts using credentials I have control over. If I was a burglar it’s basically like building a house, filling it with expensive stuff and then handing me the master keys!
In the instance of the health shop, I even went to the lengths of sending a fake password reset SMS and all the while I’m thinking that this is probably the sort of tool a hacker would normally use to get into the account, not let someone back into theirs.
Except I don’t like being the villain, and I’m fed up of people using my email address, maliciously or otherwise. I’ve made the decision that I need to pick another, more obscure email address and start transitioning stuff over to it. I can still use my current email address and link the two but maybe I’ll make my current one a “public” address and stick it on the website for randoms and spammers to email me with. I’m pretty sure my email address was exposed when bit.ly got hacked a few years back anyway.
Here’s what to take away from my little anecdote:
If this was a YouTube video I’d probably end this with a sponsored link to a password manager or a VPN service5, but it’s not so I won’t.
Hope you’ve had a good Christmas and all the best for the new year!
Post by Sean Patrick Payne+ | December 28, 2018 at 10:30 pm | Real Life, Technology | No comment
Tags: Please just check what bloody email address you have typed before clicking send, Please stop signing up to shit with my email address
Return to Viewing Webpage