Software

Another social networking site harvesting e-mail addresses

Another social networking site being used for e-mail address harvesting. Why am I not surprised? Have you been tagged?

Another social networking site being used for e-mail address harvesting. Why am I not surprised? Have you been tagged?

-----------------------------------------------------------------------------------

Although this has apparently been circulating for a while, it finally caught up with me -- twice in the same week. I received one from a user for whom I provide support, and another from a personal friend. Both of them had an e-mail sent in their name inviting me to click on the link and see the pictures that were posted.

John (not his real name) sent you private pictures on Tagged. Is John your friend (with a yes and no selection)? Please respond, or else John will think you said no (with a frown face).

I've never heard of Tagged before this, but I wasn't taken in by it, not even for a second. My experience with such things in the past prompted me to call my friend to confirm my suspicions. His reply was predictable -- someone else sent him the same e-mail, and he actually clicked on the link. He said that he thought they were graduation pictures that had been posted because they just attended their kids' high school graduation, and the photographer was supposed to post pictures on her Web site, making them available for preview and purchase. Obviously, by him clicking on the link, it allowed something (or someone) at the Tagged Web site to also harvest all the names in his address book, one of which was mine (oh, lucky me).

So be warned -- don't fall for the Tagged scam.

I realize I'm probably preaching to the choir, here, and not many user support professionals would fall for such a thing. But I write about it on the outside chance that someone will be saved from being Tagged, or perhaps some user support pros might decide to send a warning to their users. In the very least, it will allow me to vent a little bit about how often I've warned people about such things -- but they keep falling for them. And whatever you do, I tell them, don't click on the unsubscribe link either. It only confirms a valid e-mail address and will probably make things worse. I tell them over and over again, but they continue to click on the links in those e-mails. And it seems that any number of the popular social networking sites are actually the culprits in such scam e-mails.

I'll admit my bias. I just don’t like any of the Internet's social networking sites. I don't want to be Face Booked or My Spaced, and I don't want to be Twittered or Tagged. I want my former Classmates to remain part of my past, and I don’t want any future Adult Friends to be found for me. I guess I just don't want to be Linked-In, regardless of who invites me, legitimate or not.

One might think that out of the hundreds of social networking sites out there, that just one of them might appeal to me. Nope, not one of them. If that makes me old school, then so be it. I do find it interesting, however, that at one time (not too long ago), I was considered a person on the leading edge of Internet technology. Has it really been around long enough for me to be an Internet old fogie?

What do you think of the social networking e-mail harvesting schemes; and what do you think, in general, of the social networking sites?

75 comments
remanabat
remanabat

there's also hi5 and wayn that harvests e-mail addresses.

louise.marshall
louise.marshall

I totally agree with Joe and most of the other comments about social networking sites. They can be used to verbally attack people. There have been cases of young adults committing suicide because of the real life consequences of what people have said on those sites. I detest them.

BlueCollarCritic
BlueCollarCritic

How many more incidents of email related problems till someone who can make the call steps up and say "OK its time for an official not-for-profit group to do something; the US POstal Service". I've believed for a long time the US POst office should set up secure email where every one gets a basic email acct (for free) that allows for text based emailing that groups r in some way tags all emails from any user that you have not flagged as 'Someone I know' so that one can easily distinguish what is what. Additionally no person or group could send an email to thsi address without being verified (elimiates mass emailing from spammers). Imagine how much less eCrap we'd get if every spam-scammer had to verify who they were on every outgoing email? For more then text based email like html based email there would be a small fee, just enough to cover the average cost per user and low enough so that everyone could afford it. I'd be willing to bet that large corporatioons would donate large monies to the post office for something like this (to supplement costs) just to be able to move users onto a secure email system who currently perpetuatue these emails by continuely doing things they shouldn't. Heavy sighhh

A.C
A.C

Social networking appeals to the type of person who has to spend all their time on a mobil phone, in a blinkered little world of their own, oblivious to the real world.... So when they do get run over by the bus after stepping off the pavement without looking, because their conversation is obviously more important than their life, I will not be at all sympathetic... and at least that will be one less person who will give out YOUR email address.

mmmmpsi
mmmmpsi

I'm sorry but I can't see why a site getting your E-Mail address really matters?? I guess I'm just expecting that someone out there WILL get your E-Mail address so instead of bitching about a site harvesting your E-Mail addresses why don't you do the smart thing that any IT professional SHOULD be doing in that you have multiple E-Mail addresses. I have one for my business, one that I use for registering on forums, blogs, etc.. and then another one for social sites.. Again, just be smart about it and don't blame someone else for getting your information.

starrlg
starrlg

Since my wife discovered FaceBook I've developed the opinion that the DEA should forget about recreational drugs, and concentrate on Social Networking sites, they appear to be, far, more addictive. :-(

pgit
pgit

"I'll admit my bias. I just don?t like any of the Internet?s social networking sites. I don't want to be Face Booked or My Spaced, and I don?t want to be Twittered or Tagged. I want my former Classmates to remain part of my past, and I don't want any future Adult Friends to be found for me. I guess I just don't want to be Linked-In, regardless of who invites me, legitimate or not."

marvcohen
marvcohen

I think they should all be outlawed, shut down and the perpetrators locked up. Sites such as Tagged are particularly insidious, as they steal your entire E-mail list by fraud and deception, then you have to deal with irate E-mails and calls from every one on your E-mail list who got sucked in. These techniques also enable these sites to introduce malware. Can't we collectively petition the Feds to shut down Tagged and all of their ilk?

wmarr
wmarr

Unfortunately, Yes, I became part of Facebook, being a nice person and letting people I know, add me as "friends", write something stupid on my wall, ( I don't care if you ate spegetti last night or going to bed (if your not going to bed with me, I really don't care- and be famale too, no.. you knows who.LOL) but really, I am thinking about how to go about cancelling my account with facebook. Even relatives of mine are adding me to thier list. I really don't need THEM seeing who all I know (or unfortunately had added to a list) I must be a bit "not so bright" about that crap, but a person, can go through your facebook thing, find people you know, and just surf their way, to someone whom they want to bother, if you know what I mean. There is no security on those sites. User Beware, and wish me luck getting away from it.

eaglemaster1245
eaglemaster1245

When are people going to learn that social networking is really there for two things: 1st - To get your e-mail addresses so they can then sell them to highest bidder to do with what ever they wand. 2nd To leave little birthday surprises on your computer to be opened on a specific date. By this I mean the individuals that love to create those things that require us to have antispyware, adware, and malware protection on our machines. Just think how many people go on YouTube, MySpace and all those other sites that people put the dumb things that they, their friends, or their pets have done. Then they sent out 1 email with 10 e-mail addresses and those ten send to lets 7 to 10 people each. Catch my drift. Social networking is going to be the one way that hackers, crackers and the others finally are able to complete shut down the Internet.

ThomasRWright
ThomasRWright

Ummm - isn't THIS site, essentially, just a social networking site with a techie twist?

joannaklekawka
joannaklekawka

You've expertly addressed most of my technical concerns as well as my personal attitute towards e-social networking sites. Thank you for that. I thought I was the only one left having reservations about such sites.

bkrateku
bkrateku

Just reminded me of a time when one of my sister-in-laws was taking a picture of my mother-in-law on her cell phone and said she was going to put it on her MySpace page. My mother-in-law, slightly irritated at the idea, replied, "I'll my your space." It was hilarious.

georgek
georgek

I think people who spend any significant time on social networking sites need to get a life! There are much more interesting things to do in life than sit in front of a computer screen and read and type comments, blog, twitter, etc. Take a walk, see nature, exercise, visit someone, call someone you haven't spoken to for a while, work around the house, etc.

melias
melias

I'm a member of Linkdin. I have logged in exactly twice. Once, to create my profile when a good friend invited/convinced me to join, the second time when my next door neighbor wanted to make me a contact. That's it. None of the notification emails I have received from the site has convinced me to log back in.

jgmsys@yahoo.com
jgmsys@yahoo.com

I agree. Pick up a phone and call your friends, if they really are friends, or at worst, email them. Conspiracy theories aside, many of these sites are an excellent source for malware. I have seen my wife's machine infected many times because she frequents FaceBook, and I refuse to join for that reason. And I agree, do I really care about my former classmates, most of whom were not friends to begin with? Answer="no."

ted
ted

i admit that i have joined a site, i can't recall the name now, that kept bringing up TAGGED, and indicating that to proceed to the next registration point, i needed to provide my email account. I can't print what my verbal response was. the method used to acquire this information can be described as misleading at best. Can someone explain why these sites are legally allowed to engage in deceptive practices, and second, why people haven't awoken to the true purpose of this activity? Oops, disregard the second part of that question. We still have people who think that Nigerians have left them millions of dollars. LOL.

jalien01
jalien01

I've warned friends and family about social networking sites for years. But I would say most replying to this message use similar techniques. Those of us jaded by myspace swear to fight this evil. Just for site traffic but that's all, then just a bit more for customer research and that's it, although it sure would generate more reliable information if the data revealed what other sites were visited before and after a visit but that's ok because... I am a little new to the I.T. field with a little rack of supermicro's in my back room and completely self taught. So tell me, just what exactly is doubleclick, and why do I suspiciously get a new email in my junk account whenever I click a link to this site?

gcalderon71
gcalderon71

I used to be like you. Didn't want anything to do with these sites. But then I decided to try Facebook, and people I had known in the past that I lost touch with started trickling back into my life. Granted, I don't talk to them like I used to, but it was nice to see how badly time had abused them.

E-Cost
E-Cost

I got "Tagged" this week, by a friend and colleague whose son rowed with my son. I tried to get the pix. How do I know if I've done any damage to myself in being partially sucked-in by Tagged? Jack

aevangelista
aevangelista

I was told that using social networking sites can really help companies market their services or products. After reading this article, I am starting to wonder whether using these networks are ethical. If I have to use Twitter, Facebok or My Space for marketing, how should I use these networks in a socially responsible way?

JamesRL
JamesRL

I have a friend who is very much into the social networking scene, who twitters facebooks et al. But maybe one in five of his blog posts are actually interesting. And the twitters seem to just be about the blogs. (I am not on twitter, but there are sites that can disaply your tweets). I just don't undestand why people think the mundane aspects of their life are interesting. Of course I've felt the same way about kids and cell phones for the longest time. Whenever I am subjected to having to overhear them(linesups for movies etc) talk on their cells, they seem to have nothing to talk about. I like face to face conversations - interactions. And for those who are distant, email is fine. I do socialize with others, as some of you well know. But it is this incessant need to fill the vacuum of the ether that I don't get. I am on two sites - Classmates and LinkedIn. Classmates because I moved away from my home town, and i'd like to catch up with people from those days. And Linked in for similar purposes in my working career, and to keep up my network in case I need to job hunt, or I can help a friend with their search. One of the things about Linked in that amazes me are the professional networkers with 500 contacts. I know a lot of people from my school, my time in politics and my work career, but I'd never be so bold to think I have 500 friends. James

jim
jim

I could not agree more, Joe, word for word with your article, especially the very familiar self-description and attitude toward the whole social networking phenomenon. Jim

csmith.kaze
csmith.kaze

Why is it the internet brings out the worse? I bet the people who make these scams are considered "normal" people in real life, people who would "never" steal. I think we need an internet jail. I wonder how we could do that...

LarryBoy2
LarryBoy2

I have not been Tagged, nor am I FaceBooked or MySpaced (I agree they're mostly for teens). And I don't have time to Twitter. (I can't keep up w/ TR and all my RSS feeds, as it is!) I am, however, LinkedIn, and have not had any problems as far as I can tell. I use it because it gives me career options. A co-worker recently attended a career workshop sponsored by the local chapter of the Project Management Institute, and the presenter, who is a recruiter, highly recommended being on LinkedIn. I've read that 20 - 25% of the people on LI are recruiters, and apparently they use it these days to research potential candidates.

CharlieSpencer
CharlieSpencer

"Imagine how much less eCrap we'd get if every spam-scammer had to verify who they were on every outgoing email?" Is the same USPS that currently makes most of their money by delivering third- and fourth-class bulk mailings to my house? That now subsidizes the private mail portion of their business by delivery spam?

wendygoerl
wendygoerl

Wouldn't that make them HYPER-social morons?

Joe_R
Joe_R

..... for posting your opinion.

JCitizen
JCitizen

I may be concerned about them; but I gotta agree with you; why would I wan't to re-associate with people I didn't even like?

gep2
gep2

doubleclick seems to be only involved in internet ads, filling your hard drive with cookies, and other b.s... if you're on a Windows system, adding doubleclick to your hosts file can help limit what they do to your machine.

Joe_R
Joe_R

As I mentioned in an earlier post, I suppose I do a fair amount of [i]social networking[/i], at least in some sense, right here at TechRepublic, both in my blog and the ensuing discussions and e-mails, and also in the off-topic discussions (under a different alias). I do have a life outside the Internet, so I don't really have a need (or much time) for any other [i]social networking[/i] outlets. And if one considered the fact that many of the Internet [i]social networking[/i] sites are magnets for identity theft bandits, I choose to be an extrovert in different directions.

shawkins
shawkins

maybe he is just someone who doesn't want to spend a lot of time dealing with the mostly useless banter on social sites. I tend to agree with him. I've had many people try to convince to sign up for Facebook, Twitter, etc. I've tried. I can't find much there that is useful to either me or my friends. It's mostly just a time vampire.

JCitizen
JCitizen

others thoughts out loud, as if to verify their own brain function; kind of like a weird form of autism! I'm sure I was the same way when very young; but we called it talking to yourself, back then. HA! :^0

gep2
gep2

MySpace is owned by sleazeball Rupert Murdoch, which is enough reason to boycott that one. I agree that Tagged seems to be another Bad News operator. (Maybe not as bad as Grouply, which are REAL scum, it seems... they are a real cancer on Yahoogroups). LinkedIn, however, seems to have achieved a more professional group of subscribers and bent... and so far looks very worthwhile.

user support
user support

A lot of online services (retail, social networks, etc) are good but you get hooked but then the ownership changes and so do all the user and privacy agreements. When I joined TR my supervisor warned me not to use my work email. I didn't heed the warning and sometime later TR switched owners and I started receiving a lot of solicitations, though not as bad as if my email was stolen. Now I use alternate emails for all situations and recommend that users at work to use alternate emails for all social networks including linkedin.

BlueCollarCritic
BlueCollarCritic

Yes. Clearly & obviously these email addresses would not be allowed to recieve electronic spam from the USPS. The subsidizing of mail costs via the real world (printed paper) spam that the USPS sends out is done and was started to help keep the cost of mail as low as possible. And while people did complain about junk mail before email, the spam problem only got out of control when electronic spamming was found to be so easy and cheap. And lastly, don't knock the valu-pak and other advertising you get in the mail. I'd rather get all of my spam that way and none in my email. While I'm not pro-government by any means, something like this couldn't be done properly by a private organization.

jalien01
jalien01

It was my little smart ass remark to techrepublic after noticing that dreadful web bug trying to run scripts on this website. But thanks for the reply!

Dan Aquinas
Dan Aquinas

Intriguing post about adding doubleclick (DC) to your Windows "HOSTS" file. Could you share the technical details, for I cannot fathom how adding this entry would limit what DC could do to one's computer.

JCitizen
JCitizen

perhaps it was a TR member who spammed you; if they sent a message and you answered. I assume you mean change of ownership as in CBS?

JCitizen
JCitizen

would violate the very thing we are defending against.

JCitizen
JCitizen

do the same thing. It has a comprehensive host file that can be updated regularly or done automatically(small fee) to defend against some of the new hidden exploits in some 20,000 legitimate web-sites out there now. Or if you preferr - FireFox also has a wonderful host file called Adblock Plus which does wonders, also free. Turning off java, using noscript, and blocking iFrames can go a long way but, then the web is barely usable. There are also free open source host files that work in IE(XP) that are automatically updated too. So many that I can't list them all here. Most of the attacks that I've had to deal with in the last nine months have been from advertising vectors. It is serious business to block as much advertising as possible. There again you can turn everything off and go to FF with NoScript, but what good is the enternet to most folks that way? They are just not doing it; not even the SMBs. We didn't even do that under HIPAA, because our clients needed the web-page functionality to do their jobs. We didn't have time to train 500 employees on the use of NoScipt when it was just easier for us IT types to do our job.

JCitizen
JCitizen

my clients refuse to use it. Why must we give in the the web "terrorists" anyway? For those that use it, I encourage them; for those that don't, I still encourage them - to enjoy the full function of the internet the way it was supposed to be enjoyed. They must sign on to the blended defense, way of doing things however, or they will quickly be pwned!

jalien01
jalien01

I use noscript and disable auto cookies. It's a pain in the ass at first, but then you see just how many thousands of cookies are spying and clogging things up. I'm used to it now, whenever I visit a new site I just start clicking and say "denied, denied, denied...". I started doing this a year ago, and my malicious software discoveries went down more than %80!!!

Dan Aquinas
Dan Aquinas

That's a cool little trick! I appreciate that you explained it so well.

father.nature
father.nature

Will immediately try this. I loath DoubleClick and this might mean less time spent running CCleaner. Thanks for the tip! If it works as advertised, will certainly promulgate it with TechRepublic and yourself listed as sources.

Datacommguy
Datacommguy

Since nobody else has answered your question, let me explain. You can put an entry in your hosts file (at Windows\System32\Drivers\Etc\Hosts) "127.0.0.1 ad.doubleclick.net" (without quotes). Since Windows checks the Hosts file first before going out to try to resolve the name to a net address, that causes any attempt to access DoubleClick to use the loopback address which Windows translates as your own computer. Any attempt to go there will simply go to your own computer and die there. The net result is frequent empty sub-windows where adds would have been as you surf web sites, or in the case of Fire Fox, a nice little warning that it could not reach the intended address. And, of course, you can 'block' access to any other annoying site name in the same way.

JCitizen
JCitizen

so they put a face on that it is malevolent. Before I had a hardware firewall, I found that seemingly harmless cookies were responsible for genenrating traffic that eventually led to a break down in the software firewall. Which eventually led to being pwned. Cookies by themselves are probably harmless but their is always something in the temp files that goes with it, that causes the problem. I believe this is how AdAware is able to clean up the network connection by blocking the installation of the temp files that come with a lot of cookies, as well as the cookies themselves. I believe it removes certain text files in the index.data casche to deny reference to these temp files. Simply running CCleaner manually, can take care of the same thing, but not as effectively.

Editor's Picks