The dangers of social spam.

Inside the Internet.
Sept. 23 2009 11:12 AM

Your Gullible Friend Has Sent You a Photo!

The dangers of social spam.

WeGame.com logo.

Until last weekend, I had never heard of WeGame.com, the go-to source for videos of video games. Then, on Sunday, I got an e-mail from a casual acquaintance with the subject line "[casual acquaintance] has sent you a photo!" Naturally, I clicked the link, which took me to WeGame. The site invited me to see this photo—just as soon as I entered my e-mail password, which it promised not to remember.

The site's tactic is dirty and obvious: When you give it your login info, it mines all the contacts from your account and fires off an identical e-mail to all of them with your name in the subject line. I got several more WeGame messages on both my Gmail and work accounts from infrequent contacts, like the friend of an ex-girlfriend's current boyfriend. There's nothing truly evil going on here—it appears to just be an overzealous publicity campaign on WeGame's part. This episode of "social spamming," however, does reveal a ripe opportunity for more pernicious spammers to get access to your accounts and cause all sorts of trouble.

There are times when it's useful to allow a Web site to peek at your contacts list. Both Facebook and Twitter offer to search your e-mail to find friends' profiles or user names. WeGame, which is a serious project that raised $3 million when it launched, has as much right as anyone to market itself to users' friends via e-mail. The difference is that WeGame encourages you actually to send mail to all your contacts, firing out misleading messages if you click "yes" too many times without reading carefully. Every time I logged in, the photo my friend allegedly wanted to share was the same: a picture of two people dressed as the Mario Bros.

Advertisement

I signed up on WeGame with a dummy account on Monday morning to see exactly how easy it is to spam all your friends accidentally. Once I went through the sign-up process, I got to a pop-up that asked me to "confirm [my] e-mail invites." All of the contacts in my dummy account's address book were selected. In order to avoid spamming everyone, I had to hit cancel and start unchecking names. This actually represents progress for the site. Armin Rosen, a Columbia University senior who fell for the WeGame scheme, tells me that he "didn't even see the list of e-mails" he was about to send when he signed up. (In response to my questions about his site's publicity strategies, WeGame founder Jared Kim pleaded ignorance, telling me only that his "team makes pretty rapid changes" to WeGame's functionality.)

I can't remember the last time I saw any piece of old-school spam that looked believable. The spelling and grammar are often hopelessly mangled, and we've all learned not to open weird attachments or send strangers our bank account information. But notes like the one from WeGame are a new breed. Because we are so accustomed to interacting with friends over social networking sites, getting an e-mail about a photo link doesn't seem strange. Sites that pose as social networks are the new spammers, and they're a lot harder to sniff out than the traditional penis enlargement and fake Rolex watch crowd.

Consider the case of ViddyHo.com. The site, which launched in February, promised you a video if you logged in through MSN Messenger, AIM, or Gmail, among other sites. This isn't such a strange request. Facebook Connect allows other Web purveyors to use Facebook profiles as a form of identification, and your Gmail password is your ticket to all of Google's tools and gadgets. ViddyHo wasn't on the level, though, and people who fell for the trick paid the price. If you handed over your Gmail username and password, the site proceeded to GChat all of your friends to spread the good news about ViddyHo. Not only were victims hacked; all of their friends knew they were gullible.

TODAY IN SLATE

Foreigners

The World’s Politest Protesters

The Occupy Central demonstrators are courteous. That’s actually what makes them so dangerous.

The Religious Right Is Not Happy With Republicans  

The XX Factor
Oct. 1 2014 4:58 PM The Religious Right Is Not Happy With Republicans  

How Did the Royals Win Despite Bunting So Many Times? Bunting Is a Terrible Strategy.

Catacombs Where You Can Stroll Down Hallways Lined With Corpses

Homeland Is Good Again! For Now.

Crime

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

Music

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

The One Fact About Ebola That Should Calm You: It Spreads Slowly

Piper Kerman on Why She Dressed Like a Hitchcock Heroine for Her Prison Sentencing

  News & Politics
Politics
Oct. 1 2014 7:26 PM Talking White Black people’s disdain for “proper English” and academic achievement is a myth.
  Business
Moneybox
Oct. 1 2014 2:16 PM Wall Street Tackles Chat Services, Shies Away From Diversity Issues 
  Life
Outward
Oct. 1 2014 6:02 PM Facebook Relaxes Its “Real Name” Policy; Drag Queens Celebrate
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 1 2014 6:39 PM Spoiler Special: Transparent
  Technology
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Science
Oct. 1 2014 4:03 PM Does the Earth Really Have a “Hum”? Yes, but probably not the one you’re thinking.
  Sports
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?