Proficio.com was quietly added to Errata: Spam already, but without the backstory. With a new round of spam, it is time to explain just how crappy their marketing practices are.
The first spam was sent to me at an email alias that was setup specifically to register for a product download on a vendor's web site, and not that of Proficio. The only way they could have gotten that email address in my mind, is if the original company shared it. So I asked a friend there, and he did some digging. Ultimately, he confirmed that his company did NOT share that information with Proficio. That means they likely got the list of email addresses from an employee at the original company, possibly one that was leaving for good. If not that, then they purchased it from someone who used illegal, or at least questionable, methods to obtain it. Since I didn't want to drag the original company into the fray, as they did nothing wrong, Proficio was posted without the backstory.
After receiving the first spam, I emailed Jennifer Michaels at Proficio and asked where she got the email address. She didn't reply. Four days later, I replied again and said they would be added to this page for not replying, and they continued to remain silent. Almost a month later, they were added and told about it, so I moved on thinking all was good.
Feb 5, 2013, I get another marketing mail from Proficio, this time to my jericho@ address. That means they are using standard email scraping or purchased a list from somewhere, as I know I never opted into their mails, let alone from that address. Instead of just replying to Jennifer, I replied to everyone under the son which seems to have worked, as Alex Foster, Marketing Program Manager replied apologizing and offering to remove me from the lists. After posting this, I certainly hope this is done, and that Proficio shapes up. Unethical marketing practices like this don't belong in a supposed industry of integrity.
From: Jennifer Michaels (jmichaels@proficio.com) To: jericho-attrition.org Date: Tue, 05 Feb 2013 18:20:44 -0500 Subject: Webinar Series: 2013 Top Security Issues Hi Brian, Please join us for the second in our series of webinars on The Top 2013 Security Issues. If you missed last week's webinar on the results of our survey of 200 IT security professionals, you can still download the slides and find out what issues will be keeping people up at night in 2013. DOWNLOAD HERE: http://www2.proficio.c[..] This Week's 20-Minute Webinar - Insider Threats Insider Threats were rated to be the most concerning security threat in 2013. Examples of insider threats include disgruntled employees seeking to harm their employer, or consultants who unintentionally breach an organization?s confidentiality. Insider activity can be much more difficult to pinpoint than conventional external activity as insiders have more privileges than an external attacker. Next week we will cover Next-Generation Malware and Patching Security Vulnerabilities. Each 20-minute session will discuss the nature of these threats, best practices for organizations to identify and respond to them, and include a live demo of how Proficio's ProSOCTM portal highlights these alerts and drills down into the related event logs. REGISTER ONCE HERE: http://www2.proficio.c[..] Webinar Details: Insider Threats: Thursday, February 7th, 2013 10:30-10:50am PST Next-Generation Malware and Patching Security Vulnerabilities: Thursday, February 14th, 2013 10:30-10:50am PST Presented by: Brad Taylor, CEO, Proficio Inc. http://www2.proficio.c[..] http://www2.proficio.c[..] http://www2.proficio.c[..] http://www2.proficio.c[..] Proficio 16390 Bake Parkway, Suite 100 Irvine, CA 92618
After reviewing the previous mails, which I didn't do before replying, I realized that I had not complained from jericho@ originally, so that part of my mail is incorrect.
From: security curmudgeon (jericho-attrition.org)
To: Jennifer Michaels (jmichaels@proficio.com)
Cc: info@proficio.com, sdsales@proficio.com, sfsales@proficio.com, azsales@proficio.com,
btaylor@proficio.com, tmcelwee@proficio.com, jhumphreys@proficio.com,
mbarth@proficio.com, moleary@proficio.com
Date: Tue, 5 Feb 2013 17:41:37 -0600 (CST)
Subject: Unethical Spammers (was Re: Webinar Series: 2013 Top Security Issues)
On Tue, 5 Feb 2013, Jennifer Michaels wrote:
: Hi Brian,
:
: Please join us for the second in our series of webinars on The Top 2013
: Security Issues. If you missed last week's webinar on the results of
: our survey of 200 IT security professionals, you can still download the
: slides and find out what issues will be keeping people up at night in
: 2013.
Are you serious?! After the last round of complaints abour your unethical
spamming (Nov, 2012), you add the address I complained from (different
than the one you originally spammed me on) to your list, and spam me more?
I opted not to add you last time, because I respect the company you got my
email address from. This time, you are on your own.
Welcome to Errata. You can look forward to being added to
http://attrition.org/errata / http://securityerrata.org/ later this
evening.
- jericho
From: Alex Foster (afoster@proficio.com) X-Originating-IP: [76.102.150.177] To: "jericho-attrition.org" (jericho-attrition.org) Date: Wed, 6 Feb 2013 01:22:35 +0000 Subject: FW: Unethical Spammers (was Re: Webinar Series: 2013 Top Security Issues) Good Evening Brian, My name is Alex Foster and I am the Marketing Program Manager at Proficio. I wanted to personally reach out and apologize for any inconvenience this email may have caused. I assure you we are a legitimate company and this event is strictly educational. I will personally ensure that you don't receive any additional email from us if you would provide the email addresses and aliases you want removed. Again, please accept my apologies. Regards, Alex Foster -- Alex Foster | Marketing Program Manager | Proficio Inc. afoster@proficio.com | (650) 521-4557 | skype: alxfoster
From: security curmudgeon (jericho-attrition.org) To: Alex Foster (afoster@proficio.com) Date: Tue, 5 Feb 2013 19:31:44 -0600 (CST) Subject: Re: FW: Unethical Spammers (was Re: Webinar Series: 2013 Top Security Issues) On Wed, 6 Feb 2013, Alex Foster wrote: : My name is Alex Foster and I am the Marketing Program Manager at : Proficio. I wanted to personally reach out and apologize for any : inconvenience this email may have caused. I assure you we are a : legitimate company and this event is strictly educational. I will : personally ensure that you don't receive any additional email from us if : you would provide the email addresses and aliases you want removed. It doesn't matter if the event is educational, it is promoting and advertising your company. There is value in marketing, as evident by your job title and salary. As I mentioned, this is not the first time I have received your unwanted email. The first time, it came into an address that I used exclusively on the rapid7.com website when downloading a copy of their software. I asked Jennifer Michaels back then where she got the email address, and she ignored me. Rapid7 would not clarify if it was shared with Proficio, or if you had obtained it through another manner (e.g. purchasing it from someone who had obtained it illegally). When I complained to her, I did so from this address, and she added it to your marketing list instead of answering my question and ensuring that I was removed. That is extremely unprofessional behavior on the part of Michaels and Proficio. I will take you up on your offer though; please remove ANY address from attrition.org from ALL of your marketing lists. Thank you, - jericho