The dangers of social spam.

Inside the Internet.
Sept. 23 2009 11:12 AM

Your Gullible Friend Has Sent You a Photo!

The dangers of social spam.

(Continued from Page 1)

The damage caused by ViddyHo, as with WeGame, appears limited to embarrassment. Hoan Ton-That, the site's San Francisco-based creator, told me in April that he didn't mean to auto-invite people's entire address books, though the fact that he has a new site with similar ambitions is not heartening. But there's nothing preventing the next ViddyHo from doing more damage, logging passwords and contacts for more sinister purposes.

Like any good scam, social spam exploits our trust—the belief that our friends wouldn't invite us to join a site with bad intentions. Versions of this trick have been around since the height of AOL Instant Messenger's dominance, when I would occasionally get IMs from friends with purported links to articles about Osama Bin Laden's capture. (I clicked on that one.) But the rise of social networking has made these scams even more convincing. I have a feeling most of the victims of the WeGame e-mails were more absent-minded than gullible. We decide we're going to register for some new site and then go into autopilot, typing in whatever we're asked for in the fields. After all, we've done it a thousand times before without incident. (One victim at Wesleyan claims to have been on the phone while absently clicking through the motions and ended up infecting her best friend's mother.)

It's easy to imagine how social spam could wreak real havoc. Imagine a site—vouched for in a friend's e-mail message, naturally—that asks users to provide their e-mail address as a login, then prompts them to set up a password. It would then be elementary for the wicked Web site to check whether this e-mail/password combo opens the user's Webmail account. Considering how often people use the same password for all of their Web transactions, I bet that simple scheme would work a lot of the time. Once the Webmail has been cracked, the wicked Web site could send invitations to everyone in the contact list—and plunder the inbox for valuable goodies like bank account information or Social Security numbers.


If WeGame and its ilk continue to proliferate, it may fall to the Webmail clients to place extra protections on how outside sites can mine contacts. "We don't approve of third-party sites handling their users' information in this way," a Google spokesperson told me, adding that "in some cases we may take more proactive measures to identify and block the spam."

WeGame doesn't actually send mail from users' Gmail accounts—it just sends all your contacts e-mail with your name in the subject line. On account of that, the best Google could have done immediately would have been to block e-mail that came from WeGame. In the meantime, a quick, finger-wagging PSA: The rise of social spam is yet another reason to practice safe surfing. Think twice whenever a site asks for your Webmail password. And for the millionth time, don't use the same password for everything.



Slate Plus Early Read: The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Transparent Is the Fall’s Only Great New Show

The XX Factor

Rehtaeh Parsons Was the Most Famous Victim in Canada

Now, journalists can't even say her name.


Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

  News & Politics
Sept. 29 2014 11:45 PM The Self-Made Man The story of America’s most pliable, pernicious, irrepressible myth.
Sept. 29 2014 7:01 PM We May Never Know If Larry Ellison Flew a Fighter Jet Under the Golden Gate Bridge
Dear Prudence
Sept. 30 2014 6:00 AM Drive-By Bounty Prudie advises a woman whose boyfriend demands she flash truckers on the highway.
  Double X
Sept. 29 2014 11:43 PM Lena Dunham, the Book More shtick than honesty in Not That Kind of Girl.
  Slate Plus
Slate Fare
Sept. 29 2014 8:45 AM Slate Isn’t Too Liberal, but … What readers said about the magazine’s bias and balance.
Brow Beat
Sept. 29 2014 9:06 PM Paul Thomas Anderson’s Inherent Vice Looks Like a Comic Masterpiece
Future Tense
Sept. 30 2014 7:36 AM Almost Humane What sci-fi can teach us about our treatment of prisoners of war.
  Health & Science
Bad Astronomy
Sept. 30 2014 7:30 AM What Lurks Beneath The Methane Lakes of Titan?
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.