Tracking spam to its source
- 19 October, 2004 09:54
Finding mortgage-related pitches in my inbox was no big surprise. After all, loan-related spam has increased 42 percent over last year, making it the fastest-growing category of spam, according to research by NetIQ, an e-mail content-filtering service. But I was surprised to learn that big players in the mortgage business are behind these sometimes questionable pitches.
In an effort to understand the sordid world of mortgage spam, I responded to several of the many such messages that flood my inbox. I discovered that clicking and responding to these messages led to callbacks from well-known lenders like Ameriquest Mortgage and Quicken Loans (formerly owned by Intuit, but now a separate firm), as well as dozens of smaller legitimate companies.
What's more, most of these reputable firms had no idea they were tied to this growing influx of mortgage spam. When I followed the spam trail, I found the tracks sometimes led to legitimate lenders.
Biting the Bait
I checked out a typical loan pitch. Its subject line was "shopping for (mortga.ges) made easy usxdpukzsp" with a return address of firstname.lastname@example.org, which is the kind of wording typical of mortgage spam. The unsolicited message failed to comply with the federal Controlling the Assault of Non-Solicited Pornography and Marketing law because it lacked a functional return e-mail address, a postal address, and an option to unsubscribe.
I clicked on a link in the body of this e-mail and was whisked to a Web site with the URL http://dpeqckaqxvpqrttthvz.koqnophr.com--and which is no longer functional. I filled out the form using a particular street address and a phone number. Three weeks later, a representative of Quicken Loans called to ask whether I was still interested in refinancing a loan for the address I gave.
How the heck did a reputable company like Quicken Loans get mixed up with such a blatant spammer? When I contacted the company later, a Quicken Loans representative said he wants to know how it happened as well.
"This is the kind of thing we are against," says Bryan Stapp, vice president of marketing for Quicken Loans. "We will look into this immediately."
Quicken Loans later told me the mortgage lead came from Go Apply's GoApply.com, a company with which Quicken Loans had a business relationship. GoApply.com was "fully aware they (were) in violation of their contract with us and we have suspended all business with them," a Quicken Loans spokesperson says.
Follow the Spam Upstream
Quicken Loans uses what are known as "lead generators." These companies build lists of mortgage seekers and sell the names to big firms looking for new customers. Lead generators typically invite prospective borrowers to fill out a mortgage application online and promise they will be contacted by lenders.
But Stapp says lead generators sometimes subcontract the task of gathering data, or buy lists from third parties of unknown origin. That's what he suspects happened in my case. "We have very strict contracts with lead generators about how they can gather names," he says. "E-mail is not an acceptable marketing technique under the terms of our contracts with outside lead-generating firms."
I answered a few more unsolicited mortgage pitches, each time using a different address so I could later match the spam message with the mortgage company that called me. One solicitation came from a Massachusetts mortgage broker who clearly had gotten my contact information from a spam message that I answered. The rep acknowledged paying US$22 to a lead generator for my name and phone number. Prices for good leads can even go higher.
"We pay as much as US$80 a lead," says Elliot Nadel, a loan officer with New York-based Worldwide Capital Mortgage who contacted me after I answered a spam message. In a follow-up interview, the firm's owner, who didn't want to be identified, said he doesn't like the fact that money he pays for leads goes back to spammers. "It doesn't make me feel good. But it's not like I'm killing someone," he says. He adds that he can get a refund from a lead generator if a lead turns out to be bogus.
Mortgage lead generator MLeads sold my name to a Massachusetts mortgage broker who then contacted me. I'd gotten onto its list by answering an e-mail message (which didn't comply with CAN-SPAM). The mortgage broker I spoke with says she often calls people only to get yelled at for sending them spam. "People don't understand how the system works," the mortgage broker says.
Bad mortgage leads from MLeads resulted in Quicken Loans "terminating" a contract with the firm last year, Stapp says. "We found MLeads violated our contract," he says, explaining that Quicken Loans ended the relationship because MLeads turned out to not to be generating leads itself, instead relying on third-party firms that used bulk e-mail.
Representatives from MLeads didn't return my phone calls. Other mortgage brokers I spoke with say they are happy with the company. They explain the industry average is that about 20 percent of leads are no good--and MLeads refunds firms for bad leads.
By quizzing the mortgage brokers who called me, I was able to determine whether they'd obtained my contact information from a spammer. One call that stemmed from a spam message came from a mortgage broker who said he bought my name, physical and e-mail addresses, and phone number from lead generator Neighborhood Loan.
When I asked a representative of Neighborhood Loan how it got my name, I was told the lead traced even farther back to a company called LinkShare, from which Neighborhood Loan bought my name.
LinkShare is an advertising company that has developed a network of so-called affiliate marketers. LinkShare acts as a kind of matchmaker, pairing companies that are looking for mortgage leads with people who can provide leads. But sometimes, some of the people who claim to be able to find leads do so by working outside of LinkShare's company policies--that is, relying on spam marketing.
Stephen Messer, LinkShare chairman and CEO, says his network does not have a problem with rogue affiliates. "Does it happen occasionally? It does," Messer says. "Like all things in life, there are people who do stupid things."
He says he goes to great lengths to police the 11 million transactions that take place on his network every day. "The problem of spam is bigger than LinkShare," Messer says. He blames the scourge of mortgage spam on lax enforcement of existing antispam and fraud laws.
Messer says LinkShare has strict policies against e-mail marketing that does not comply with CAN-SPAM. He says that the company works diligently to weed out the bad apples, but finds that they are an unfortunate fact of life--and the loan business.
Affiliates hide and thrive in the multitiered layers of Internet relationships, I'm told. It's not unusual for a mortgage lead to be resold five or six time before it lands with a reputable broker. This makes tracing it back to the original spammer all but impossible.
Spam Adds Up to Cash
The industry group the Mortgage Bankers Association estimates the market for mortgages, mortgage refinancing, and home equity lines of credit will be worth US$2.5 trillion by the end of the year. With a market this large, it's no surprise that companies are willing to spend what it takes to find mortgage seekers.
How much mortgage spam is out there? Estimates vary. NetIQ lumps mortgage spam in the "special offers" category, which at 21 percent of all spam is the largest category. Meanwhile, spam-filtering firm MXLogic says only 10 percent of all spam is mortgage-related; but that still represents the second largest category of spam behind health-related spam, at 20 percent.
Meanwhile, we keep deleting mortgage spam from our inboxes. Until the industry does a better job policing how lenders obtain leads, mortgage spam will continue to flood in.
The good news is that questionable mortgage pitches delivered to your inbox are easy to spot and filter out--for now. As spammers find more clever ways to get mortgage seekers to punch in their name, address, and phone number, we need to stay alert. One way to guard against these solicitations is by using spam filters effectively. And to make sure you're not handing your personal information to the wrong person, use one of a growing number of anti-phishing tools.
Tip of the Month: Opting Out Isn't Always the Answer.
You should not automatically opt-out from unfamiliar e-mail. Unscrupulous bulk e-mailers have devised a cunning new way to get you to download sneaky programs without your consent, say experts at MessageLabs Ltd. The scam works by tying opt-out links in e-mail messages to Web sites that are designed to automatically download Trojan horse programs onto your PC. Some nasty tricks include opt-out links that download keystroke-logging programs that track how you use your PC, and software that can turn your PC into a spam-spewing zombie.