Jump to content

Spammer using geocaching account to send spam


Team Microdot

Recommended Posts

I noticed today that I had a Found log on onw of my difficult puzzles.

 

The log simply states:

 

Visit this link on your mobile for Free Premium!!! (visit link)

 

The link itself is a bit.ly redirect to who knows where - I'm not clicking on it in any case.

 

The account in question has 1184 finds.

 

Today they found caches in:

 

Germany

 

California

 

Canada

 

New Jersey

 

Belgium

 

Iowa

 

France

 

Minnesota

 

Alaska

 

Florida

 

Norway

 

Australia

 

England

 

Virginia

 

to name but a few...

 

Not seen this sort of SP@M before but I'd say that account needs shutting down pronto.

 

I didn't study all of the logs - obviously - but some are just TFTC logs and some include the SP@M message.

 

How do I report this to Groundspeak in a manner which allows me to disclose the account name without making it public?

 

Can Groundspeak delete all the logs by this obviously fake account or will the CO's in question have to do it?

Link to post

I noticed today that I had a Found log on onw of my difficult puzzles.

 

The log simply states:

 

Visit this link on your mobile for Free Premium!!! (visit link)

 

The link itself is a bit.ly redirect to who knows where - I'm not clicking on it in any case.

 

The account in question has 1184 finds.

 

 

It looks like the spamrun is still going on with almost 1700 founds. However, I looked at the log in Belgium and there's no link, just TFTC.

 

The link on your cache redirects to mobverify _ com and a lot of (random) characters behind it (I have NoScript so no content was displayed)

Link to post

It's up to 1716 Finds now. Lots of archived caches, too. It might be making the "TFTC" logs, then changing it to the link. That link goes to a page that says "Geocaching / Verify", with matching green bar and all. Quite a complicated Bot this time.

 

Contact Geocaching.com: http://support.Groundspeak.com/index.php?pg=request

 

Request that they LOCK spammer accounts. Be sure to verify that it gets locked.

 

[EDIT: It lost a few finds while I typed this.]

Edited by kunarion
Link to post

Looks like logs are being deleted already.

All US states, 42 countries all in 1 day.

 

Member Since: Monday, 16 February 2015 all logs today (sleeper spam account)

 

It's locked already

Are the Spam links gone?

Link to post

Are the Spam links gone?

 

Some logs I checked don't have links others have.

 

Mass delete of these logs is in order as there are always people clicking them and I suspect phishing thus opening up other accounts for this spam.

Link to post

But - unfortunately - watched of the caches, those with notification bookmarks for the caches, and those with instant notifications that would have had these caches...

 

... all would have received the email and the link.

Link to post

Well, I was one of the owners who received a found on an archived cache. I was a bit astonished, but sometimes I get such logs, because of account splitting, or sometimes people just log their found quite late.

 

But my cache was archived in 2012, and so I took a closer look at this account. He then had about 600 founds, all from yesterday's date, and all over the world. Because I still have the logbook and knew he never has been here I just deleted this log, which means I don't know if there was a change from the "Tftc" to a link.

 

When I saw after a while that he had more than 1000 founds, I thought I might contact Groundspeak. I used "Log deletion" as topic (normally it should be used for different problems, as I've found out), and when I took a look at the account later, I've seen that it was locked and the founds all gone. What still remains are the souvenirs.....

Edited by heike_hgw
Link to post

I've just had a fake log with a spam link attached. user was http://www.geocaching.com/profile/?guid=7ff48eca-4ee1-4574-9318-8c30790cb714

An unvalidated account. Why let someone use the system without allowing them to verify? It obviously won't remove the problem completely but it might help.

Wow. That was a lotta Countries and States visited in one day...

Link to post

I've just had my second such log in 30 minutes and I know of other people who are getting them. This time from http://www.geocaching.com/profile/?guid=b903de55-7aed-43b8-a79a-e99a8f0d1d56

Also an unvalidated user who signed up today and has 100 finds in many countires.

 

If this continues I'll be wasting more time checking logs.

 

Groundspeak needs to tackle this ASAP

Edited by duncanhoyle
Link to post

Just deleted two logs from usernames like Brock1234 and Dave2345 where the caching name was a first name followed by a four-digit number. Each with 100 finds today from all over the world, and with a link to a puzzle cheat site in the log. If you click the cheat site URL, you're taken to a mobile-only website that demands you download and run a game for 30 seconds. I'm assuming these are fake "finds", and some spammer is trying to drive traffic to his ad scam site.

 

Further similar logs will be deleted immediately.

Link to post

3 of my caches had false logs today, from 3 different user-ids (Sanford2925, Dennis1846 and Pacheco4957). The ids were all set up today and had recorded ~100 finds from all over the world. I just deleted the false logs. It would be useful to eliminate this irritant permanently.

Link to post

I also received a notification that a cache of mine (GC3Y2TF) had been found today by a new cacher that had 100 finds today from all over the world.

 

It said:

I quite liked this cache!!TFTC-----Found with cheats from gcpro.co.uk

 

My wife said that a Facebook group "You might be a geocacher if" is flooded with reports of this same thing.

Link to post

Yep, I got the same on one of my caches. This problem and a lot of other big issues we as cache owners are having would all go away, or be significantly reduced if Groundspeak would validate email addresses of new geocachers before allowing them to have an account. But that's never going to happen, is it?

Link to post

In a sad sort of way, I'm almost glad to see this happening. There are SO many other reasons that annually validated email addresses would help both us and gc.com (we could talk about their mailing list being so bad that ISPs throttle their mail, among others). Perhaps if there is enough of this truly inconvenient activity occurring, SOMEONE at gc.com will move this from their 'to do list', which I understand is the case now, to a 'Let's bite the bullet, quit fiddling with inconsequential features at the margin, and just get this DONE!' list.

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...