
I received an unsolicited email from an IT outsourcing company earlier this week. It was sent to an email address belonging to an organisation in which I have a casual client service role completely unrelated to IT. My email address has only been used for internal communication, but follows an obvious format. Creepy: they clearly harvested my name to construct my email address. They have no idea what my role is in the organisation. How many random others did they spam in the organisation?

The email started off by saying how they have noticed our organisation going through some strategic changes, and wished to offer their IT audit and infosec services. Creepy: stalking behaviour, assuming we haven't got our shit together, and assuming we would let some unknown entity access our mission-critical infrastructure on the basis of one spam email. The email domain/name of the company also sounded spammy as it used an obvious phrase. Creepy: infosec risk triggers.

The email went on to describe one of their successes (good for you) and asked if Tuesday or Thursday would be a good time for them to do a quick IT audit. Creepy: WTF?! This is assuming a lot. I could be anyone. Assumptions of strangers seem particularly risky to me. If I were a person in authority, and I let a random company access my IT systems on the basis of one unsolicited email, what does that say about my security awareness?

The email ended with a PS asking me to let them know if I were not the right person to speak to. Creepy: unconsidered spray and pray marketing, and expecting me to do their work for them by handing over privileged information. I don't know you, why should I reveal anything about my role or the names of others in my organisation?

The icing on the cake - the URL to their website (which appeared one line above the sender's email address) had a different domain to their email address. Creepy: more spam vibes.

The company appears to be real and staffed by nice people. Very unfortunate. I wonder how successful this business development strategy is for them? And how many spam/block lists have they made it onto?

Update three weeks later

Clearly, the previous spamming did not work that well. There is now a follow-up.

They wanted to “send a final email before I stopped [sic] chasing you up.” How authentic and considerate, not. The grammatical error continued the spammy vibe.

They wanted to “grab 15 min of your time this week or next? If not, then let me know if there’s a better time later this month or even this year.” Such confidence in making assumptions upon assumptions. Such entitlement. Such desperation. Perhaps this is (inept) reverse psychology at work? Creepy and disrespectful. Both are clearly desirable qualities of an IT services company.