
Your Gullible Friend Has Sent You a Photo!
The dangers of social spam.
Posted Wednesday, Sept. 23, 2009, at 11:12 AM ET
The damage caused by ViddyHo, as with WeGame, appears limited to embarrassment. Hoan Ton-That, the site's San Francisco-based creator, told me in April that he didn't mean to auto-invite people's entire address books, though the fact that he has a new site with similar ambitions is not heartening. But there's nothing preventing the next ViddyHo from doing more damage, logging passwords and contacts for more sinister purposes.
Like any good scam, social spam exploits our trust—the belief that our friends wouldn't invite us to join a site with bad intentions. Versions of this trick have been around since the height of AOL Instant Messenger's dominance, when I would occasionally get IMs from friends with purported links to articles about Osama Bin Laden's capture. (I clicked on that one.) But the rise of social networking has made these scams even more convincing. I have a feeling most of the victims of the WeGame e-mails were more absent-minded than gullible. We decide we're going to register for some new site and then go into autopilot, typing in whatever we're asked for in the fields. After all, we've done it a thousand times before without incident. (One victim at Wesleyan claims to have been on the phone while absently clicking through the motions and ended up infecting her best friend's mother.)
It's easy to imagine how social spam could wreak real havoc. Imagine a site—vouched for in a friend's e-mail message, naturally—that asks users to provide their e-mail address as a login, then prompts them to set up a password. It would then be elementary for the wicked Web site to check whether this e-mail/password combo opens the user's Webmail account. Considering how often people use the same password for all of their Web transactions, I bet that simple scheme would work a lot of the time. Once the Webmail has been cracked, the wicked Web site could send invitations to everyone in the contact list—and plunder the inbox for valuable goodies like bank account information or Social Security numbers.
If WeGame and its ilk continue to proliferate, it may fall to the Webmail clients to place extra protections on how outside sites can mine contacts. "We don't approve of third-party sites handling their users' information in this way," a Google spokesperson told me, adding that "in some cases we may take more proactive measures to identify and block the spam."
WeGame doesn't actually send mail from users' Gmail accounts—it just sends all your contacts e-mail with your name in the subject line. On account of that, the best Google could have done immediately would have been to block e-mail that came from WeGame. In the meantime, a quick, finger-wagging PSA: The rise of social spam is yet another reason to practice safe surfing. Think twice whenever a site asks for your Webmail password. And for the millionth time, don't use the same password for everything.
Thank you for this article. You should know that Facebook gets some people with a trick just as creepy as the others you describe. It sends out messages with your name as the sender, with subject lines like "Hey, check out my photos on Facebook" or "reminds" people that you have asked them to be friends (when you haven't; they are just listed in your Gmail address book). This happened to me regarding 1,500 addresses! Facebook does not respond to complaints, either; they just give you the run-around.... Facebook is now my "social not working" site... has made many simple relationships very awkward! I've quit.
-- mkisliuk
I am a skeptical, late adopter of Facebook - I don't use it much.
Today, an acquaintance whom I have mutually "Facebook-friended" made some kind of little posting on HIS page. Then I started to get emails every time some of his friends replied to it. WTF?!
I looked at the email notification page - there were 50 different settings - none of which sounded anything like "Get email notifications whenever a friend of a friend makes a posting to your friend's page".
So I had no choice but to uncheck all 50 email notif. boxes. (I guess I could have changed what I put in as my email address too.)
Very unimpressed with Facebook.
-- MisterPerson