I hope we will be around for a while to come, but if Capital One had their way Saverocity would have been removed from the internet within 48hrs of today, simply for discussing them in posts ‘without official approval’.
It is a sad state of affairs when a site like this is threatened with closure for talking about a big bank and share information about the company to its readers, and it is actually rather ironic that the information we have shared to date has been generally quite positive, and we have sent them business based on our recommendations.
Capital One has engaged internet security firm RSA-AFCC to attack sites like this one and uses bully tactics to scare us into submission, interestingly the threats from RSA are so aggressive that Phishing emails have been built around them; they intimidate you so much you hand over the keys to the site, and all your personal information. My email was legitimate it seems, though I ignored it until they went around my back to my hosting company who informed me I had only 48hrs to ‘comply’ before they pulled my site down.
Here’s the email from RSA to me:
Dear Sirs:
RSA, an anti-fraud and security company, is under contract to assist Capital One in preventing or terminating online activity that targets, or may potentially target Capital One’s clients as potential fraud victims.
RSA has been made aware that you appear to be providing Internet Services to a site, which is abusing Capital One’s brand. This site http://saverocity.com/ not only violates Capital One’s copyright, trade marks and other intellectual property rights, but may also become a host to a phishing attack, or other fraudulent scams against Capital One and its clients.
The fraudulent website not only represents a misuse of Capital One’s intellectual property; its purpose is to mislead the Capital One clients. Our experience has shown that such sites become a host of phishing** and other fraudulent scams against the bank clients.
Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability to the Internet and discontinue the transmission of any e-mails associated with this website. We understand that you may not be aware of this improper use of your services and we appreciate your cooperation.
We specifically would ask that you also take the following actions (if relevant or possible):
- Please provide us with a tar/zip file of the source code for this site, so that we may analyze it to help prevent further attacks.
- If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit.
- Please provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.
Thank you for your cooperation to prevent and terminate this fraudulent activity.
Sincerely,
RSA Anti-Fraud Command Centre
Tel: +44 (0)800-032-7751 (UK)
Tel: +1-866-408-7525 (US)
E-mail: afcc@rsa.com**”Phishing” is an e-mail scam that attempts to trick consumers into revealing personal information—such as their credit or debit account numbers, checking account information, Social Security numbers, or banking account passwords—through fake Web sites or in a reply e-mail. As described in the letter above, the fake web-site through which the fraudster is attempting to collect Capital One’s customer data is under your responsibility.
This is, of course, complete and utter bollocks. It is a generic email designed to cause fear. I ignored it as such, but when forwarded onto my hosting provider the legal team emailed me; they said that once a case has been opened there is nothing they can do to stop it, and the only way I could keep Saverocity up and running was:
- Remove all images related to Capital One
- Remove all reference to the words Capital One
In other words, RSA sent me out a threatening email, accusing me falsely of acting fraudulently, and unless I delete every post that references Capital One my website will be pulled down by my host in order to protect them from any copyright infringement. I argued with the host that this was just not right, that it cannot be the case that a news site cannot talk about a company, but they wouldn’t budge through fear of liability. In their words, if I didn’t have an agreement to work with Capital One I couldn’t discuss them on my site.
I did think that this must be a phishing attack from someone claiming to be RSA, but that was irrelevant once the hosting provider decided to believe it, and then I was told I had to get RSA to clear my name in order for the host to keep the site up and running. After calling both the US and the UK offices of RSA I finally managed to get through to a human, we looked through the site together and he mumbled an apology, and all we could find was a photo of the Capital One Venture Card, which we agreed to take down during the call so as to give him something to say ‘case closed’.
Here is the reply from RSA-AFCC within minutes of our call:
Dear Matt and [redacted] team,
The AFCC confirms the removal of the offending contents and has closed the case against saverocity.com.
Matt – thank you for your quick action and cooperation.
The AFCC would like to apologize for the misleading email which announced a fraudulent involvement of the website www.saverocity.com.
The website in discussion did not host, nor hosting fraudulent content against Capital One.
Should you require additional information or have any questions, please contact us at any time.
Regards,
AFCC
Case closed, apparently… though the guys at my hosting provider haven’t confirmed receipt of that email (they were CC’d) despite my calling in, and the site could well be pulled down until someone gets off their arse to read it and close the ticket.
I think it is pretty disgusting that a company would come at me so aggressively, with a process that threatens the site, and that they demanded my source code, and any personal and private information regarding my readers. They got none of these, and never will. And it makes me think quite seriously about who is the villain here.
- Is Capital One trying to shut down blogs talking about them?
- Is RSA acting under direction of Capital One or is this their normal way of doing business?
- Is my hosting provider acting properly by threatening to pull the site based on the false accusation of RSA?
I like to keep all content here honest, and feel it is unfair that three large companies can conspire to threaten Saverocity based upon an ill thought out system and a spam like email to me. Bully tactics to censor will not prevail, and we will never spam you, phish you, or sell out to censoring ourselves to appease these companies.
Wow. Throw the book much. That’s very heavy handed and scare tactics. I am surprised that your hosting company did not even bother to work with you by looking at you site and/or ask RSA for more information and proof. That’s pretty unethical of them.
I am glad you got on this and resolved(?) it now. Let’s see what’s going to come out of it. See if you can get someone from Capital One commenting on this.
Yeah I was very disappointed with the hosting company, and with RSA – and I too look forward to hearing from Capital One.
Wow. That is completely outrageous. On my (former) blog, I would receive emails threatening to shut me out of an affiliate program if I used unapproved images, language, etc., and that’s annoying but there’s at least an argument to be made that belonging to an affiliate program is a privilege and not a right, and that banks are free to create whatever rules they’d like in exchange for the privilege. But to send a “security” firm that clearly knows nothing about intellectual property law (i.e., there is nothing illegal about referring to Capital One in a truthful, non-defamatory manner) to baselessly attack your site is just CRAZY. And if you were a litigious person, you might actually sue and have a viable claim. But can’t imagine it’s worth your time/resources.
I was really quite upset that they would come in that aggressively and then not only was it me vs them but me vs the host and them, completely out of line. I don’t know that it is worth the effort to litigate, but glad you brought up these points since you know more about the subject than I do.
Oh and we still need to do pints!
Yes we do!
Wow now theres a way for them to stop the msers!
But how are you now able to talk about this case and their name in this post?
And aside from that, dont we all have the right to post whatever the ff we want on our sites and blogs? You almost should have told them to f off!
I am able to talk about it because I think they were wrong and I am exercising my right to tell them they are arseholes. I was alerted to 48hrs notice this morning, it should be resolved but the site could still go down. I have backups in place in case that happens.
Wow! I do hope it is totally resolved and I can’t believe the chutzpah of their threats and demands for so much info. Sorry that it was such a time waster for you but it is enlightening to know this is going on. I hope the result is that lots of people find out about it!
Thanks Elaine, it was really over the top, and might not be over…
You might have your host check out this:
http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
very cool – thank you for that. If they push back I will use it.
IMHO Time to look for a new host.
Yep, I was already looking and about to migrate to something more stable anyway, so this is just the icing on the cake for these guys.
I re read what they told you
Basically you are in trouble because theyve received “fraudulent” stuff that they relate somehow to your site? Like, some scammer read your site and is doing something to cap one and that somehow becomes your fault??? They even said you may not be aware stuff is happening. Well, if that is the case, why are you even involved? If my web site talked about a cc and someone defrauded it, thats got nothing to do with me. Fff them! Besides, “fraud” is such an over used and wrongly used term now.
From what I can gather it isn’t even that, the email they sent out is generic, they use scraping software to pull up Cap One content and send that message out to anyone automatically, without review. It is only when you challenge it that they say ‘oops’.
But RSA saying ‘oops’ sorry we made all that up has to now get through to my hosts legal team before the clock on my account termination occurs, else I get shutdown.
When I called the host to ask them to check their inbox (the apology email went to me and them) they refused to look into it and stated that sometime in the next 24hrs they would probably get to the email. They really don’t give a crap.
Really, this is as simple as a scraping tool picking up Captial One on my site and everyone being stupid about it.
We get similar notifications at work all the time in reference to DMCA (Digital Millennium Copyright Act) violations. We surmise the companies in charge of sending the notices are paid on a case by case basis – hence the number of notifications we get that turn out to be unwarranted.
What a hot mess! Why not publically out your hosting services? Maybe others use the same, and we may well terminate relationships…..
Looks like the hosting company is “Linode”
Linode are the new company- bluehost were the bad ones
Bluehost is terrible. They provided me my own password via chat once. Completely unsecure.
I’m sorry to hear about your experience. I have heard of companies that scrape info off sites and send these unwarranted emails out to scare you. They are paid based on cases they handle.
You’re protected in the US to freely express your opinion. You can however be told to stop using images that are copyrighted.
Just make sure you support the initiatives to keep the Internet free and prevent these corporations from stifling our ability to speak openly.
There are bills in the House floor that didnt pass but still pending that would give power to corporations to shut down companies using “trade secrets.” Basically the small guys get out litigated even though you’re correct. That’s the game they want to play.
*shaking my head*
Very scary. Very big brother is watching. It all seems so un-American (for that matter, un-British too, Matt)
Really upsetting. It can’t even be defamatory as someone above mentioned unless you’ve said something untrue. Just ridiculous. Makes me think less of them, not that I thought highly of them before.
can’t believe this is happening… in US… You would think only Russia will do things like this…
It is time to change your hosting company…
Also, use twitter to let more people know about this – the best way to fight back…
Fuck Capital One…..
You could be the lead plaintiff on a class action suit and make some $$$. Might be a faster route to riches than buying points for 0.9 cents each.