Over the last few days I’ve been “tagged” a few times from “tagged.com”.
I hid the names to protect the guilty, though I’m not actually sure why I would want to do such a thing.
Anyway, a Google search revealed some people posting unbelievable things about it. One person even suggested that it required users to give it their email account’s password – and that they do it!
This had to be verified. I set up a Yahoo mail account, and signed up for Tagged. Turns out it didn’t ask you to give your email password. It requires you to give your email account’s password. It actually checks, as you’re doing this, that it is the right password.
Wow.
People really are idiots.
After this, you get to click through – I kid you not – 10, count ’em, 10, offers, at after which you get to do whatever, I guess.
Meanwhile, having gained access to your email account, it logs and sends emails to spams everyone in your address book. Presumably it will then sell every address it finds to spammers.
The really shocking thing is, some of the people “tagging” me with this work in IT. They seem reasonably intelligent people, even. Yet they’re still giving the password for their primary (yes, their primary) email account to some site they just found on the internet, presumably because it spammed them!
Social engineering will never be solved. How can it be, if even so-called-professionals will surrender their passwords that easily?
Jivlain 
April 30, 2007 at 1:37 am |
that’s amazing. and i thought people were idiots for giving up their credentials for a slice of pizza.
February 27, 2012 at 3:17 am |
If you are starving…
lol… it asks to “fill in my details” to post a comment…
May 9, 2007 at 11:58 pm |
How do you know they’re giving passwords to their PRIMARY e-mail account? After all, in your test, you set up a bogus Yahoo email account to test the process.
Wouldn’t “reasonably intelligent” people do the same?
May 10, 2007 at 9:12 am |
Because I know what their primary email account is, and then went and asked them about it 😉
June 5, 2008 at 1:19 pm |
Ooh, so that’s what those bloody irritating things are. I’ve been getting several from tagged, and other sites similar in nature, and figured that the users had simply entered my email address in one of those “recommend a friend” boxes.
I can’t believe anyone would freely give up their email password. Might as well hand out your credit card details and pins to anyone who asks nicely.
June 5, 2008 at 2:33 pm |
It doesn’t end there. Putting in my real email and incorrect password, you CAN skip – it then reveals who has already got that person in their address book. So without logging in, you can see who someone’s friends are with just their email address.
I’m not so sure your password is safe, because your address book aint. Not even a little bit.
Tagged – Security? We’ve heard of it.
June 5, 2008 at 2:34 pm |
It doesn’t end there. Putting in my real email and incorrect password, you CAN skip – it then reveals who has already got that person in their address book. So without logging in, you can see who someone’s friends are with just their email address.
I’m not so sure your password is safe, because your address book aint. Not even a little bit.
Tagged – Security? We’ve heard of it.
June 5, 2008 at 3:19 pm |
Not strange, there are many sites using these kind of resources to obtain emails to spam them.
These sites are not “social networks” like others and do not offer a minimal chance to interact with your friends.
Other sites offers you some services such as “looking up who has blocked your Me$$enger, Yahoo IM, and other accounts”, and yet users known that these sites are using their accounts as “email database source”, their are creating accounts on theses sites.
Really, there are idiot users…
On my local machine I have “tagged” these sites emails as “spam” thanks to SpamAssassin and BogoFilter.
xD
June 4, 2009 at 8:49 pm |
i will like to have ur email and password
August 4, 2010 at 9:00 am
hey your so cute
June 5, 2008 at 3:37 pm |
Someone I worked with told me that he used to work for a company that called people asking them there credit card information… so they could check if someone else stole it… and he said people would give them all the info!! Guess we where all instructed to follow authority and that everyone is there to help us while growing up that some how people forgot to think for them self (if you wondering that’s why fraud as usually really high punishment since you are undermining the trust of the people/system). And that reminds me of the website hi5.com it asked for your email password, it’s a facebook/myspace type thing.
June 5, 2008 at 4:37 pm |
Facebook itself asks for your email/password, to import your contacts. So does LinkedIn, so do many other major websites. And while one might trust Facebook to not mess around with your contacts (too much), on the verge of IPO… in a way all of those big websites are conditioning typical users that it’s ok to hand out access to their mail account.
This is where smaller websites with shady practices come in.
June 5, 2008 at 5:22 pm |
I _almost_ fell for this type of thing, and it might have even been on Tagged. What happened, in my case, was that I joined, using my email address as my user name (as they requested), and selecting a password for my account. The next page appeared at first glance to be a login screen. The user name field was already filled in with my email/user name, and the password field was empty. I tired to log in, but failed. I then realized that it wasn’t a login screen, it was an email harvesting screen. I closed the site and never went there.
MANY people use the same password for multiple accounts (also a bad idea). If I had used the same password for Tagged as I do for my email account, it would have spam bombed everyone just because I wasn’t paying attention, not because I’d consciously give my email password out to some random site.
June 5, 2008 at 5:36 pm |
And I wouldn’t trust those either… some disgruntled employee decides to bring a USB stick to the job 😉 Or some hacker etc
June 5, 2008 at 5:38 pm |
This is fairly common though isn’t it? I’ve tried to sign up with a few central contact type sites and stopped when I’ve realized what they’re doing. It makes sense really (from their point of view) – they want to import your addresses to social networking/cloud link with all other contacts they have you and they also want more business. I think the ones I’ve tried want access to your address book (online ones like hotmail etc, which means they need your password and your offline outlook one). Don’t LinkedIn or some other similar contact site do basically the same thing?
June 5, 2008 at 6:03 pm |
I fail to see how this is any different from providing Blogger with your gmail account password when you use a Google identity to comment on Blogger posts. In fact, when you do that with Blogger, it logs you in and /leaves you logged in/ so if you post a comment from a public terminal and walk away, the next person to visit gmail has full access to your account, which I consider a bigger security risk than the issue at hand here.
June 5, 2008 at 6:49 pm |
Ever heard of IMAP and LDAP setting up your own mail server for $5 / month?
Avoids the headache of having all your personal information online in some mega corporations database.
June 5, 2008 at 7:03 pm |
The password being requested by tagged.com at account creation time is NOT your e-mail password, but just any password you’d like to define to be used the next time you log into your tagged. com account. The requested tagged.com password can be any combination of characters you want.
June 5, 2008 at 10:00 pm |
CousinFucker : LDAP and IMAP on your own mail server doesn’t equal security. Nearly everyone working at those hosting companies has full access to all your data. I trust the kids working as their tech support about as far as I can throw them. I trust the data protection and privacy policies those companies have a little more but not much more. I trust their process to make sure people are complying with them even less. Use GMail if you want your email secure, Google has well developed controls over who has access to your GMail, your average hosting company much less so.
June 6, 2008 at 6:48 am |
[…] Sacado de Hello, Mr Website. Would you like my password? […]
June 6, 2008 at 6:59 pm |
LinkedIn did this the right way, as far as I was concerned:
1. I exported an address file from my email program in LDIF format (which is ASCII, hence editable if I wanted to filter the data).
2. I uploaded the address file to LinkedIn
3. LinkedIn looked up the email addresses in their network and *asked me* which users I wanted to invite into my network.
This process is a bit more hassle than just giving away your email password, but it’s a lot more secure, and less likely to annoy people with pseudo-spam.
June 16, 2008 at 5:49 pm |
[…] Okay, I want to be social. I want to play with the latest, coolest sites. But why on earth do all these Web2.0 developers have no clue about security and the fundamental rule, don’t share your password with anyone. There is an awesome post on this subject pertaining to Yelp here. And an even older post here. […]
March 26, 2009 at 12:21 am |
На этом сайте можно заказать базу белых каталогов сайтов.
Белая база каталогов
June 4, 2009 at 9:43 am |
need new password
June 4, 2009 at 8:59 pm |
what u want to use it for
June 4, 2009 at 9:10 pm |
is there any one here that want to trade?
June 7, 2009 at 1:20 am |
This is very interesting for me. Thx
January 22, 2010 at 2:54 pm |
Сделайте натуральный, полезный и эстетичный подарок своим родным, близким и коллегам.
ПОДАРОЧНЫЕ НАБОРЫ
Натуральное мыло ручной работы
Соляное мыло (скраб)
Крем-скраб (щербет)
Душистые аромаплитки
Массажные плитки
Молочко сухое для ванны
Шоколад сухой для ванны
Бурлящие шарики
Жемчужины для ванны
Мыло с ароматами духов
Натуральные морские губки
http://viva.tomsk.ru – Позаботься о своём теле, чтобы душе хотелось в нём жить!
January 23, 2010 at 12:47 pm |
, . . .
150 , 30 !
March 14, 2010 at 7:12 pm |
Great post, many amusing points. I believe 6 of days ago, I have viewed a similar blog.
March 16, 2010 at 12:30 am |
Ничего люди не принимают с таким отвращением, как советы. (Д. Аддисон)
March 21, 2010 at 6:45 am |
На видеосайте v-skachke.org можно бесплатно ознакомиться с кино новинками, классическими фильмами, мультфильмами, посмотреть анонсы к видео фильмам и скачать понравившийся фильм по прямой ссылке на большой скорости. Вы найдете любимые жанры видео фильмов: сериалы, боевики, комедии, триллеры, драмы, ужасы и мультики – смотри и скачай новинки кино! скачать кино, скачать фильм, скачать кино новинки, скачать новинки фильмов, скачать новые фильмы, новинки видео, фильмы. Сайт: v-skachke.org
May 14, 2010 at 3:58 pm |
Каталог корейских запчастей реализует запчасти по выгодным ценам. Организуем поставку запчастей в любой регион России и СНГ. Специальные условия продажи для автосервисов
June 5, 2010 at 2:36 pm |
Кузовной цех ниссан весь спектр технических услуг, связанных с ремонтом и обслуживанием автомобилей nissan tino в Москве
September 22, 2010 at 11:21 pm |
Each year tens thousands of people become millionaires by just studying and trading on the Forex market but just a fraction i.e. 2% out of the billions of all those who spend thousands of dollars on the Forex Market and get nothing in return. This elite group of Forex traders never reveal their secrets, and they never want to help somebody else… until now! We announce an independent web portal, dedicated to Forex market, where you can find any information about recent sweet facts, brokers and Expert Advisors. Absolutely FREE! You even can discuss all of them on our firum. Read and write your own reviews on our forum! Learn To Trade Forex – all of it you can find on forextradersreview.com
December 16, 2010 at 9:43 am |
Диверсант – это пейнтбольный клуб в Казани, предлагающий услуги корпоративного отдыха. Пейнтбол- это один из самых веселых и здоровых способов провести с пользой для здоровья свой досуг. К Вашим услугам наши пейнтбольные площадки. Эти площадки выгодно отличаются от всех остальных тем, что большинство укрытий и препятствий- это заброшенные дома, ангары и подземные бункеры оставшиеся после закрытия существовавших на этих местах предприятий. Пейнтбол замечателен ещё и тем, что он не требует специальной физической подготовки и не имеет ограничений по возрасту, в него могут играть как дети, так и взрослые. Приходите в наш клуб, приводите своих детей, родственников, друзей и вы получите множество незабываемых и приятных впечатлений!!! Адрес:Россия г. Казань, ул. Музыкальная д.7,
December 30, 2010 at 12:41 pm |
Очень удобный и красивый блог, щас наверное тоже сделаю типа того 🙂
February 3, 2011 at 2:57 pm |
труба 80Поставки сантехники в Московской области и Москве, поставки полипропиленовх труб в Москве, труб PPRC, поставки отопительного оборудования. Снабжение строительных объектов качественными материалами и оборудованием для восстановления и ремонта инженерных сетей в Москве и Московской области.
February 10, 2011 at 2:59 am |
советы ветеринараВетеринарный портал о ветеринарии. Здесь можно получить консультации по ветеринарии у компетентных ветеринаров. Ветеринар онлайн. Форум ветеринаров.
March 12, 2011 at 9:33 am |
Термоблоки – Специалисты “ТЕРМОБЛОК” на протяжении долгих лет специализируется на изготовлении оборудования для производства газобетона.
April 3, 2011 at 8:56 am |
Замечательный сайт. Хочу предложить свою информацию. Программа «Контроль веса и питания», предназначена для всех кто хочет похудеть и начать правильно питаться. Программа позволит контролировать количество калорий, которое Вы потребляете ежедневно. Анализировать изменение значений объема груди, талии и бедер. Строить графики для анализа. Подробнее на сайте nokaloriy.ru
April 5, 2011 at 11:10 am |
жкх областиКак заставить управляющего ТСЖ выполнять свои обязанности?, как получить услуги управляющей компании в полном объеме? – на эти вопросы может ответить наш веб-сайт, после ознакомления с материалами которого, Вы возьмете ситуацию с управляющей компанией под контроль.
April 28, 2011 at 3:29 am |
Необходимо сказать о сочетании метода апроприации раскрылся в комедии Ябеда, здесь эпоха ускоряет можно спокойно выпускать пластинки раз в три года. Частное порн
September 30, 2011 at 12:03 pm |
PrednisolonePyrantel PamoateOmnicef, ParlodelAmpicillinJelly ED Pack (Viagra Oral Jelly + Cialis Oral Jelly)TrikatuMisoprostol, TriamtereneRisperdalAstymin-M ForteMotiliumNevirapine
September 30, 2011 at 3:53 pm |
InvegaClaritinFML, SunthiNoroxinYerba DietBactrobanAvodart, SeptilinPetsZaditorAnxiety/Sleep AidOpticare Ointment
September 30, 2011 at 10:50 pm |
GokshuraRockIt247Desyrel, Men’s HealthAntabuseSkin CareMalegra DXT (Sildenafil + Duloxetine)Pruflox, ZyrtecBlack CialisUroxatralVP-RX OilAtripla
October 1, 2011 at 5:41 am |
ZanaflexAtenololZometa, LukolKamagraPenis Growth OilCafergotAmikacin, LevaquinActoplus MetEtoposideEstradiol ValerateSulfasalazine
October 3, 2011 at 6:30 pm |
購買onlinebuying衣原體zithromaxcures的抗生素,買antibioticscures chlamydiapurchase zithromaxazithromycin onlinezithromax網上訂購, chlamydiazithromax onlinebuy antibioticshttp azithromycintreatment : / / dnowgekho.com /產品/抗生素/希舒美/訂單 /
October 27, 2011 at 4:28 am |
Здесь Вы можете расслабиться отдохнуть душой и телеом, все самые мыслимые и не мыслимые удовольствия наши элитные индивидуалки сделают все,
Заходим сюда, звоним http://tinyurl.com/5rw8wxn
Вас ждет масса незабываемых впечатлений и ощущений )))
December 6, 2011 at 8:21 pm |
Каждому Привет! Заходите на MobiWapi и качайте только новый софт для мобильников.
December 25, 2011 at 9:30 am |
Каждому Доброе утро! Заходите на музыкальный портал и качайте альбомы mp3!
December 29, 2011 at 8:39 am |
Привет! Большой выбор отпаривателей Monster !
January 5, 2012 at 7:33 am |
selena gomez hotties
March 5, 2012 at 6:00 am |
Ба Дуань Цзинь
Внутренние механизмы воздействия цигун для тело и психику человека изложены в форме, понятной современному европейскому человеку. Детальное изображение и пошаговые инструкции практической части издания выполнены высококачественным DVD-диском, подготовленным лучшими китайскими специалистами Всекитайской Ассоциации Оздоровительного Цигун и представляющим собой прекрасный самоучитель, занятия сообразно которому помогут вам обрести здоровье и душевное равновесие. Это наиболее распрастраненный комплекс 8 кусков парчи.
Советуем вам узнавать с онлайн видео под названием «Оздоровительный цигун Ба Дуань Цзин», которым по праву считают жемчужиной оздоровительного Цигун. В переводе с китайского Ба Дуань Цзин означает «восемь отрезов парчи». Комплекс Ба Дуань Цзин состоит из физических упражнений, сопровождающийся глубоким дыханием. Выполняя упражнения этого комплекса дозволительно очистить устройство через вредных веществ и урегулировать психологическое сословие человека.
March 10, 2012 at 5:57 pm |
Hong Lee and pets dogsPersonal Page of russiam Veterinary doctor Hong Lee and his pets dogs. Forum and photo gallery of our working American Pit-Bull Terieres and Cane Corso. Please, welcome to our homepage.
February 1, 2013 at 9:23 am |
Hey! I know this is kinda off topic but I was wondering if you knew where I
could find a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one?
Thanks a lot!
April 17, 2013 at 3:22 pm |
Very good article. I will be dealing with many of
these issues as well..
December 17, 2017 at 6:01 pm |
https://www.car2go.com/runr/#/en/CA/registration/account-personal?pc=SUPERPROMO
December 17, 2017 at 7:18 pm |
‘dear new member, please think of methods of reporting phishing scams while signing up with your credit card to rent a car’