The dangers of social spam.

Inside the Internet.
Sept. 23 2009 11:12 AM

Your Gullible Friend Has Sent You a Photo!

The dangers of social spam.

(Continued from Page 1)

The damage caused by ViddyHo, as with WeGame, appears limited to embarrassment. Hoan Ton-That, the site's San Francisco-based creator, told me in April that he didn't mean to auto-invite people's entire address books, though the fact that he has a new site with similar ambitions is not heartening. But there's nothing preventing the next ViddyHo from doing more damage, logging passwords and contacts for more sinister purposes.

Like any good scam, social spam exploits our trust—the belief that our friends wouldn't invite us to join a site with bad intentions. Versions of this trick have been around since the height of AOL Instant Messenger's dominance, when I would occasionally get IMs from friends with purported links to articles about Osama Bin Laden's capture. (I clicked on that one.) But the rise of social networking has made these scams even more convincing. I have a feeling most of the victims of the WeGame e-mails were more absent-minded than gullible. We decide we're going to register for some new site and then go into autopilot, typing in whatever we're asked for in the fields. After all, we've done it a thousand times before without incident. (One victim at Wesleyan claims to have been on the phone while absently clicking through the motions and ended up infecting her best friend's mother.)

It's easy to imagine how social spam could wreak real havoc. Imagine a site—vouched for in a friend's e-mail message, naturally—that asks users to provide their e-mail address as a login, then prompts them to set up a password. It would then be elementary for the wicked Web site to check whether this e-mail/password combo opens the user's Webmail account. Considering how often people use the same password for all of their Web transactions, I bet that simple scheme would work a lot of the time. Once the Webmail has been cracked, the wicked Web site could send invitations to everyone in the contact list—and plunder the inbox for valuable goodies like bank account information or Social Security numbers.


If WeGame and its ilk continue to proliferate, it may fall to the Webmail clients to place extra protections on how outside sites can mine contacts. "We don't approve of third-party sites handling their users' information in this way," a Google spokesperson told me, adding that "in some cases we may take more proactive measures to identify and block the spam."

WeGame doesn't actually send mail from users' Gmail accounts—it just sends all your contacts e-mail with your name in the subject line. On account of that, the best Google could have done immediately would have been to block e-mail that came from WeGame. In the meantime, a quick, finger-wagging PSA: The rise of social spam is yet another reason to practice safe surfing. Think twice whenever a site asks for your Webmail password. And for the millionth time, don't use the same password for everything.



Don’t Worry, Obama Isn’t Sending U.S. Troops to Fight ISIS

But the next president might. 

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

The Human Need to Find Connections in Everything

It’s the source of creativity and delusions. It can harm us more than it helps us.

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Altered State

The Plight of the Pre-Legalization Marijuana Offender

What should happen to weed users and dealers busted before the stuff was legal?

Surprise! The Women Hired to Fix the NFL Think the NFL Is Just Great.

You Shouldn’t Spank Anyone but Your Consensual Sex Partner

Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
Altered State
Sept. 17 2014 11:51 PM The Plight of the Pre-Legalization Marijuana Offender What should happen to weed users and dealers busted before the stuff was legal?
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
Sept. 17 2014 6:53 PM LGBTQ Luminaries Honored With MacArthur “Genius” Fellowships
  Double X
The XX Factor
Sept. 17 2014 6:14 PM Today in Gender Gaps: Biking
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
Brow Beat
Sept. 17 2014 8:25 PM A New Song and Music Video From Angel Olsen, Indie’s Next Big Thing
Future Tense
Sept. 17 2014 9:00 PM Amazon Is Now a Gadget Company
  Health & Science
Medical Examiner
Sept. 17 2014 11:48 PM Spanking Is Great for Sex Which is why it’s grotesque for parenting.
Sports Nut
Sept. 17 2014 3:51 PM NFL Jerk Watch: Roger Goodell How much should you loathe the pro football commissioner?