We are spammed relentlessly but when Aussie Home Loans and Accredible spammed Andy Schmulow, they bit off more than they could chew. Andy shows us how to bam the spammers.
Spam. We all hate spam. We all hate spammers. Here are a few examples and what I have done about them, and you can do too.
First off, Aussie Home Loans. This is an Australian company, owned by Lendi, which in turn is majority owned by Commonwealth Bank.
On 6 November 2023, I received a spam SMS message to my mobile phone from one Chris Carstens at Aussie Home Loans. Now that’s bad enough. I never give permission to get spammed to my mobile. In fact, I am extremely circumspect about whom I even give my mobile number to. For example, why the hell do I have to give my mobile number and all my other details just to order something on a menu in a pub?
But what made the spam from Aussie and Carstens one step above a war crime is that I had only ever had one meeting with the man, on one occasion, once, twelve years ago! Yes, you read that correctly. Twelve years ago! At the time, I decided not to proceed with Aussie and never became one of their customers (thank god almighty).
For twelve years, these creeps at Aussie have hoarded my data, with neither my knowledge nor my consent. Then, on top of all of that, being idiots, they then made the mistake of spamming me.
Big mistake Aussie!
Aussie is subject to the Spam Act (Cth) 2003 and the Privacy Act (Cth) 1988. That makes it illegal for them to have spammed me, and it is a breach of Australian Privacy Principle (APP) 11.2 for them to have hoarded my data – the data of someone who has never been one of their customers – for over a decade.
I’ve tagged their CEO, David Smith, and their General Counsel, Nicole Johnschwager, and neither have bothered to respond. Their privacy officer (who remains nameless) has failed to respond to my demand that they explain what the heck they were doing holding onto my data for over a decade.
And the question matters. Every company that holds your data puts you at risk. Risk of identity fraud. And every company, like Aussie, that creepily hoards your data forever, puts you permanently at risk. I’ve reported them to ACMA (for breaches of the Spam Act) and to the OAIC for unauthorised retention and unauthorised use of my data.
I will be seeking damages from them, and publicising the result. Because unless it costs Aussie money, and unless they cop bad publicity, they won’t give a damn. Smith and Johnschwager are evidence of that.
Next, there’s Accredible. This is a company you want to be very very careful of. They’re based in California, and they are absolute shockers. First, in violation of our Spam Act, and the US CAN-Spam Act, they tried a really shifty move. They emailed me to my university email address, trying to get me to buy digital certificates, and using a pre-existing relationship with Wollongong University as bait.
All of which is irrelevant. It’s a breach of Schedule 2, s4(d)(ii) and (e) of our Spam Act to send an unsolicited commercial email to someone by harvesting their email address off the web unless it is exactly within their job description to receive such an advert. I am a law professor. If they gave a rats about respecting Australian law they would have known that they were not allowed to send me that kind of spam.
But what is of more concern is that it is an attempt to test the waters, put out feelers, and have a poke around to see if there is someone they can ‘influence’. Someone who, in turn, will ‘influence’ the proper procurement processes that ought to be followed in a public Australian university, funded by the public purse.
They know this. They tout their dealings with other universities. They know that in a massive machine like a university, there are proper procurement protocols that must be followed. They know as a law professor I am not remotely involved in anything to do with the purchase for the university of digital certificates. I don’t even know what a digital certificate is!
We’ll save you!
Let’s call this for what it is: it’s an attempt to subvert and suborn our corporate governance. It’s an attempt to sow corruption. In my discussion with a senior and very experienced compliance executive, this was exactly his sentiment! And moreover, and crucially, a company that will not respect the law – like Accredible – cannot be expected to respect your data!
I emailed them – Sebastian Thorpe, Alan Heppenstall, their Privacy Officer, and Danny King, their CEO, and took them to task for their contempt for our law. They promised a response from their legal department. That was over a month ago. Not heard a word. Because there’s not a word of an excuse they can come up with. I’ve held them accountable in my posts on LinkedIn.
A couple of days later, someone – someone – started signing up my email address to spam sites and sites selling sex toys. It’s a meaningless act of vandalism. My IT department has spam filters to keep all that garbage out. But these websites were signed up during business hours in California, where Accredible is located. The similarities at least point to a reasonable suspicion that they are involved. I have lodged a complaint with ACMA and the US Federal Trade Commission. I am chasing up the IP Addresses and if I can show its them, I’ll hand them over to the FBI.
But the point is this: Accredible tried to corrupt me in my role in a public institution. We can stand up to this. We can resist this. We are not powerless. We are not helpless. We can build better. We can be more ethical. We can fight back. And it starts now!
Happy New Year to Accredible and Aussie Home Loans. I have a great big box of accountability just for you!
Andy is a corporate governance expert and Senior Lecturer in the Faculty of Law, in The University of Wollongong, admitted as an Australian Legal Practitioner in the Supreme Court of Victoria, an Advocate of the High Court of South Africa, and the Principal of Clarity Prudential Regulatory Consulting.