Tuesday, June 9, 2009

Important Public Service Announcement

From The Editor

I received an email today, (dated yesterday), from a resident and Club Member, a person known to me, sending some photos to the blog. These are items I get somewhat routinely from members, so despite the fact that Gmail placed it in spam, I clicked the link. Bad move as it turns out.

The photos were supposedly at "tagged dot com".

The site gave me the option to sign in with the blog's Google account, how convenient, but another bad move. This means in retrospect that the blog password was literally handed over to them, but not for long. Read on.

I did not really raise my antennae until about 15 seconds into the site it showed me a list of 48 "friends", many of whom I recognized as coming from the blog inbox.

This site had read the blog's email inbox! I exited the site at that point, and had not clicked any invite or send buttons.

Incidentally, there were many names from around the mountain I recognized that had never written to the blog, so the site presumably read the inbox of my sender, and more of us?

After 3 minutes of Googling about tagged dot com, I changed the blog password, and its fundamental pattern on the keyboard. I have only skimmed google but here goes....

About tagged dot com
From Wikipedia: They are regarded as phishers and spammers, though not quite.
From Snopes.com: Snopes explains the likenesses to a scam or virus, but in the end calls them "disingenious", since it seems they do not actually install malicious software on a machine.
Needless to say they get an "F" from the BBB.
Tagged dot com is a Microsoft partner. holy cow.

If you logged into tagged dot com, change the password to your email account. The site will apparently log into your account and send spam to everyone in your address books or inboxes as though it were you.

My Feelings
Since I exited the site rather than contact my 48 "friends", and changed my password to "wlccblog at gmail", I am assuming no one is harmed by my actions.

The site did however read the blog's inbox, just as it appears to have read the inbox of the person who "sent" me pictures, and who knows who else's inboxes.

Change your passwords.

Filed Under: From The Editor
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)