I hope it's because I have small simple email and not because they want to steal it.
“We’ll be right over.”
Just include "not me!" In the verification email, dam it
Not jsmith, but kstrauser. Not Gmail, but Yahoo. And I still get banking docs, and HOA meeting minutes, and birthday party invitations, and Facebook logins, and other bizarre random stuff.
I have so many questions. I’ve typoed my address before and had to correct it. That’s understandable. But to wholly invent one and say, yep, that looks good even though I’ve never used it before, I’m sure it’ll be fine! I just don’t get it.
Some of the emails are really unfortunate stuff. "Your account was added as a backup address." - Then inevitably, a few weeks later, dozens of password reset emails. Sorry bud. I've received pay stubs. Orders and invoices. I get phone bills every month for someone in India. Its chaos.
Early on I'd sometimes reply to these random emails telling people they've got the wrong address. The most astonishing reply I ever got was from HSBC bank telling me I needed to come into the branch to change my email address. Over the course of a week, I explained about 3 times that that was impossible. That I live in Australia. That I'm not their customer, and its not my account. Eventually they told me they were disabling online banking on my account. Now I've given up replying at all.
Send emails into that pit of PII misery if you want. I don't read them.
>You send it to johnsmith@gmail.com
>You receive a new message, it says "Hey, can you please stop using my email address?"
>You're johnsmith@gmail.com, you only know that's the address that's being used
PD: I know that if he resets the password he can get the other address, but this scenario was funny in my head.
They may well be looking for targets.
A few months later, the owner of the u/batman account added my mail as password reset mail.
I looked up the account. It was hardly ever used in 15 years, mostly for once in a blue moon dropping in a random comment role-playing as Batman. It was not obviously anyone I knew. It looked like they were basically inviting me to take over the account.
That was actually a bit tempting, but then the owner, whoever they were, would know who I was, and I still didn't know who they were.
(For that reason I've changed the name, it wasn't Batman, but it was equally "I can't believe you got THAT as your Reddit username" rare.)
So I clicked "this wasn't me" instead. After a few weeks the account was deleted by the owner. It seems they were willing to burn a 15+ year old account with a super-desirable (to many) name in order to get me back to Reddit, and then when I refused they just deleted it. That was VERY weird, and I wish I knew what was going on.
great way to phish people without looking like a malicious, obvious actor
instead they look like idiots or rubes and you get a little too curious, and in ways that might be considered malicious (and potentially illegal).
I've had this happen several times... There's a lawyer I used for a dispute a few years ago, and they now have another "First Last" name that matches mine, and he keeps emailing me... my reply, "Wrong Michael, again..."
It's kind of annoying all around... I need to get off my butt and get a few things shifted, then just start relying on my own MTA again, instead of forwarding *@mydomain to my gmail to. I'll still wildcard the domain, but to a single mailbox on my own mta.
I'm not sure how bad the spam might get though... I've had a test account on my mta for a couple years and it hasn't really recived any... my wildcard accounts either... I use the wildcard so I can do things like walmart@mydomain, to see if/where an email address is sold/leaked from regarding spam.
