Your Gullible Friend Has Sent You a Photo!The dangers of social spam.
Posted Wednesday, Sept. 23, 2009, at 11:12 AM ET
Until last weekend, I had never heard of WeGame.com, the go-to source for videos of video games. Then, on Sunday, I got an e-mail from a casual acquaintance with the subject line "[casual acquaintance] has sent you a photo!" Naturally, I clicked the link, which took me to WeGame. The site invited me to see this photo—just as soon as I entered my e-mail password, which it promised not to remember.
PRINT
DISCUSS
E-MAIL
RSS
RECOMMEND...
Facebook
MySpace
Mixx
Digg
Reddit
del.icio.us
Furl
Ma.gnolia
Sphere
StumbleUponThe site's tactic is dirty and obvious: When you give it your login info, it mines all the contacts from your account and fires off an identical e-mail to all of them with your name in the subject line. I got several more WeGame messages on both my Gmail and work accounts from infrequent contacts, like the friend of an ex-girlfriend's current boyfriend. There's nothing truly evil going on here—it appears to just be an overzealous publicity campaign on WeGame's part. This episode of "social spamming," however, does reveal a ripe opportunity for more pernicious spammers to get access to your accounts and cause all sorts of trouble.
There are times when it's useful to allow a Web site to peek at your contacts list. Both Facebook and Twitter offer to search your e-mail to find friends' profiles or user names. WeGame, which is a serious project that raised $3 million when it launched, has as much right as anyone to market itself to users' friends via e-mail. The difference is that WeGame encourages you actually to send mail to all your contacts, firing out misleading messages if you click "yes" too many times without reading carefully. Every time I logged in, the photo my friend allegedly wanted to share was the same: a picture of two people dressed as the Mario Bros.
I signed up on WeGame with a dummy account on Monday morning to see exactly how easy it is to spam all your friends accidentally. Once I went through the sign-up process, I got to a pop-up that asked me to "confirm [my] e-mail invites." All of the contacts in my dummy account's address book were selected. In order to avoid spamming everyone, I had to hit cancel and start unchecking names. This actually represents progress for the site. Armin Rosen, a Columbia University senior who fell for the WeGame scheme, tells me that he "didn't even see the list of e-mails" he was about to send when he signed up. (In response to my questions about his site's publicity strategies, WeGame founder Jared Kim pleaded ignorance, telling me only that his "team makes pretty rapid changes" to WeGame's functionality.)
I can't remember the last time I saw any piece of old-school spam that looked believable. The spelling and grammar are often hopelessly mangled, and we've all learned not to open weird attachments or send strangers our bank account information. But notes like the one from WeGame are a new breed. Because we are so accustomed to interacting with friends over social networking sites, getting an e-mail about a photo link doesn't seem strange. Sites that pose as social networks are the new spammers, and they're a lot harder to sniff out than the traditional penis enlargement and fake Rolex watch crowd.
Consider the case of ViddyHo.com. The site, which launched in February, promised you a video if you logged in through MSN Messenger, AIM, or Gmail, among other sites. This isn't such a strange request. Facebook Connect allows other Web purveyors to use Facebook profiles as a form of identification, and your Gmail password is your ticket to all of Google's tools and gadgets. ViddyHo wasn't on the level, though, and people who fell for the trick paid the price. If you handed over your Gmail username and password, the site proceeded to GChat all of your friends to spread the good news about ViddyHo. Not only were victims hacked; all of their friends knew they were gullible.
What It Will Cost You To Deny Illegal Immigrants Health Insurance
Stupid Drug Story of the Week: NBC's Today Show Discovers Huffing
Can the Government Call God Jesus? What About Allah?
How Twilight Made Goth Fashion Mainstream
Is Disney's The Suite Life Making Your Child Into an Evil Lothario?
The Blind Side: Illegal Use of Sandra Bullock
Thank you for this article. You should know that Facebook gets some people with a trick just as creepy as the others you describe. It sends out messages with your name as the sender, with subject lines like "Hey, check out my photos on Facebook" or "reminds" people that you have asked them to be friends (when you haven't, they are just listed in your g-mail address book). This happened to me regarding 1,500 addresses! Facebook does not respond to complaints, either, they just give you the run-around.... Facebook is now my "social not working" site... has made many simple relationships very awkward! I've quit.
-- mkisliuk
(To reply, click here)
I am a skeptical, late adopter of Facebook - I don't use it much.
Today, an acquaintance whom I have mutually "Facebook-friended" made some kind of little posting on HIS page. Then I started to get emails every time some of his friends replied to it. WTF?!
I looked at the email notification page - there were 50 different settings - none of which sounded anything like "Get email notifications whenever a friend of a friend makes a posting to your friend's page".
So I had no choice but to uncheck all 50 email notif. boxes. ( I guess I could have changed what I put in as my email address too).
Very unimpressed with Facebook.
-- MisterPerson
(To reply, click here)