Spooge's Spit Up - Hello Mr Website, Would You Like My Password

Over the last few days I’ve been “tagged” a few times from “tagged.com”.

I hid the names to protect the guilty, though I’m not actually sure why I would want to do such a thing.

Anyway, a Google search revealed some people posting unbelievable things about it. One person even suggested that it required users to give it their email account’s password - and that they do it!

This had to be verified. I set up a Yahoo mail account, and signed up for Tagged. Turns out it didn’t ask you to give your email password. It requires you to give your email account’s password. It actually checks, as you’re doing this, that it is the right password.

Wow.
People really are idiots.

After this, you get to click through - I kid you not - 10, count ‘em, 10, offers, at after which you get to do whatever, I guess.

Meanwhile, having gained access to your email account, it logs and sends emails to spams everyone in your address book. Presumably it will then sell every address it finds to spammers.

The really shocking thing is, some of the people “tagging” me with this work in IT. They seem reasonably intelligent people, even. Yet they’re still giving the password for their primary (yes, their primary) email account to some site they just found on the internet, presumably because it spammed them!

Social engineering will never be solved. How can it be, if even so-called-professionals will surrender their passwords that easily?

Digg It! Stumble Delicious Technorati Tweet It! Facebook Add To Reddit RSS Google Bookmarks Meneame


Labels: