…but I didn’t, and didn’t spot that someone maliciously signed me up to Match.com in South Africa. They made up some registration information for me but used my real e-mail address. I ignored the initial “registration confirmation” e-mail as spam, but as the e-mails kept coming it occurred to me that this was no ordinary spam. So I tried to cancel…

To stop the mail I needed to sign in. But to sign in I needed my password, which of course I couldn’t guess. To get a password reminder e-mailed to me I needed to know my birthdate, which of course the hoaxer had made up, and I also had no way of guessing. Customer care offered to cancel my subscription for me, but only if I could confirm my postcode. Ha.

I’m just damned lucky GMail keeps a long archive of discarded mail. Going back through it I found this person had taken the trouble to sign me up, enter a profile (a woman named LeilaLee, thank you) and upload a photo over a 24 hours period, each step of which had been confirmed by an e-mail I had ignored as spam.

One moral of the story is that subscription services really should demand an e-mail reply to confirm sign-up. That’s another lesson that Dave can add to his series on “a basic guide to the Internet” (another lesson here). A second moral might be that when you offer your password reminder service, do be aware that the so-called security information might have been maliciously entered in the first place and therefore unknown to the user.

Anyway, single males will be disappointed to learn I’m now off the market.

And, no, I didn’t bother to look at the photo.

Tags: security, spam, hoaxes