I’m a big fan of online networking to find new writing work. Earlier today, I received an invite to a new site, Remote.com. It looked like a promising resource.
I was wrong. Don’t sign up to Remote.com.
Remote.com has the glossy graphics of a reputable social network. But without my permission, it sent spam emails to every contact in my Gmail address book.
It’s not just me. And it didn’t happen because I clicked the wrong button by mistake. Read this article by K. J. Dell’Antonia; it describes the exact same experience I had with Remote.com.
Incidentally, Remote.com (which was founded by Nick Macario of dock.io) appears to be a rebranded version of outsource.com.
Spamming Your Contacts Not Once, But Twice
Remote.com looked like an interesting site to be listed on while I’m looking around for new blogging and tech writing projects. And my interest was piqued because my invite appeared to come directly from Daniel Threlfall:
Looks legit, right?
But as soon as I completed my profile, I got an email invitation to one of my other email addresses. Uh-oh. Within minutes, my husband got one as well.
I then got emails telling me that other people had signed up to Remote.com, essentially spammed in my name.
It’s unclear to me whether the contact information was harvested from LinkedIn or Gmail. However, I suspect that it came from Gmail’s OAuth access, because my alternative email address isn’t associated with a LinkedIn profile.
It’s possible Remote.com spammed both. Wow.
I contacted the support team at Remote.com, through its expensive Intercom live chat tool, to ask why my contacts had been spammed. Vanessa responded as follows (emphasis mine):
“When you import your contacts we do send out an initial invite email and a follow up 7 days later but we don’t send anymore after that.”
So — two sets of spam emails? Oh, great….
What to Do if Remote.com Caught You Out
I sincerely hope that this email will catch the eye of people I’ve unwittingly “signed up” to Remote.com.
If you haven’t signed up, don’t click the link in the spam email you got with my name on it. I’m sorry about the spam, I really am, but I didn’t approve it.
If you want to sign up, I recommend that you don’t link your Gmail or Facebook account to Remote.com; that appears to be the source of the emails used for spamming in my case.
If you have signed up:
- Don’t complete your profile: filling it out seems to be the trigger that sends the spam
- Delete details you’ve added already: you could change yours so something fun, like “SpamBot 2000”
- Disconnect your Google account: revoke permission by visiting apps with access to your account (search for Remote.com in the list)
- Prepare to write some apologetic emails
- Get in touch with the Remote.com support department; ask that they delete your Remote.com account, and make it very clear that you do not give permission for any more emails to be sent out in a week’s time
- Don’t click any user profiles or “People You May Know” boxes; they are designed to make it look like those people are already members, but I suspect they aren’t, and clicking one of these icons may send out more invites.
I have asked Remote.com to delete my account. However, I’ve read reports that this can take weeks. In the meantime, all you can do is unsubscribe to their emails.
Thankfully, tardy account deletion is one of the many shady tactics that the GDPR should curb.
Truly, Madly Sorry
I’m furious about the spam that’s already been triggered, but I hope this blog explains what’s gone wrong, and why you shouldn’t click the emails.
Hopefully, it will also make the point that this kind of friend spam won’t be tolerated by conscientious users, at least until the GDPR is in place and appropriate fines are handed out.
More information about Remote.com:
*I have deliberately not added hyperlinks to Remote.com or its associated sites.