Dentist Scam E-Mail Information

Recently (Monday, May 15th at about 4PM Central) we received about 25 e-mails requesting to be unsubscribed from... something. It certainly wasn't our monthly e-mail! Apparently someone had crafted two e-mails: one saying that they had signed up for an account on our website, complete with a correct link to our login page, and another that contained a bunch of broken image links and an obviously shady website link. From this, we gather the following:

  • There were quite a few auto-generated e-mails being sent out to random people.
  • Strangely enough, these e-mails were not being sent to our customers. (Which actually relieved me as that removed the possibility our e-mail contacts were compromised)
  • The reply-to fields on these e-mails were set to our e-mail address.
  • Half of these e-mails seemed incomplete... they contained a link to our website but not to anything malicious.
  • No actual new accounts were created on our website, so it wasn't just a bot spamming our system with logins using other people's e-mail addresses.
  • To the best of our knowledge, Eagle Engraving did not randomly join the field of dentistry.
So what happened?

Our best guess is that some random internet scammer attempted to use our company's name (along with a dentistry company) to send malicious links... in half of the e-mails. The other half, their intentions aren't so easy to guess.

Who did this?

Not having received any of these e-mails directly, we do not know. If we had more complete header information we might be able to pin down an origin but most likely they used a free account on GMail or another similar provider.

Why did people receive this?

Scammers on the internet were making an attempt to get people to click their link. Beyond that we have no idea.

Why is Eagle Engraving's name in this e-mail?

When generating an e-mail, you can specify a separate e-mail address that replies will be sent to. The scammers entered our e-mail address in this field, most likely to try to feign legitimacy. Why did they choose our company specifically though? No idea. Perhaps they thought pairing an engraved awards and gifts company could blaze a new trail into the dental industry? (Though we do some amazing stuff this story seems highly dubious. I bet they just had a dartboard with a bunch of company's names.)

So what do I do? I received one of these e-mails.

Don't click anything in it! Just delete it. As mentioned before, these e-mails seem not to have gone to any of our customers. If you were a customer of Eagle Engraving, you'd know how to contact us. And like a few people, you could always call us. We're very friendly and wouldn't mind straightening things out!

Even though these people may have your e-mail address, it doesn't seem likely that they would have infected you, merely added your e-mail address to one of their mailing lists. Regardless, if you are ever in doubt when internet security is concerned, change all of your passwords and ensure that they are up to a certain level of strength. You can test out your password on a strength checker such as Password Meter, or even on some password change pages.