The popularity of sites such as Facebook and MySpace have spawned malicious imitators. The main tactic they use to peddle their scams is “social engineering”. Wikipedia has a good definition: “Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.”

I recently got an email from a friend asking me to log onto tagged.com and look at her photos:

tagged
Click on image to enlarge

Tagged.com advertises itself as a Social Networking site. Notice three things on the screenshot: 1) Tagged shows a link at the bottom that essentially appears to be a sort of “unsubscribe” request (and you’ll soon see why that’s pertinent to this issue), 2) They are engaging in a bit of social engineering by implying that the sender will be disappointed if you don’t go to tagged.com (“Please respond or JoRose may think you said no” ), and 3) They used JoRose’s last name twice (not necessarily remarkable, but again you’ll see why this is pertinent).

Since JoRose is a close friend and DOES send me photos now and then (though this is the first time a request to look at her photos came via tagged), and since this tagged thing raised my eyebrows a little, I fired up my sandbox, loaded some extra security software, and went to the site in my sandboxed browser.

What I saw raised my eyebrows even more:

Tagged.com
Click on image to enlarge

They wanted a lot of Personally Identifiable Information (“PII”). That is not necessarily unusual for Social Networking sites, but it really raised my eyebrows when I saw that they wanted my email password. Ironically, they have a spambot field too . . . ironic, because they themselves are engaged in spamming, as I later found out.

But JoRose does in fact have friends named “Kathy H” and “Craig E”, so it did appear to be legitimate (that’s part of the scam too, again as I later found out).

In any case, I wasn’t about to release my email password. I was going to email JoRose to resend the photos another way. But before I did that, I got another email from her that confirmed all my suspicions:

“Someone “tagged” me the other day and somehow everyone in my address book has now been tagged. I don’t know what it is or how it happened other than that I opened the one sent to me. I can’t seem to unsubscribe. If you haven’t opened it, don’t. If you have and can figure out how to get rid of it, please let me know. It has not caused me any problems, but I am not sure what it is. I do NOT have any pictures in it even though it says I do. I am not going to open any “tagged” items and hope it will go away. I hope it isn’t causing you any inconveniences!

Jo Rose”

So, now it all made more sense. The reason they used JoRose’s full name is because it came out of someone’s address book and it ended up as part of a script. And as JoRose unfortunately found out, they don’t honor unsubscribe requests (like all spammers). An unsubscribe request (and they pitch this from the very beginning with their “Click here to block all emails from Tagged . . .” nonsense shown in the first screen shot) will just get you elevated to their “live addresses” spam list.

Phewwww . . . dodged a bullet there, since I never opened it. That email prompted me to do some investigation . . . the usual who is, IP searches, robtex.com stuff, blacklist searches, etc. Tagged.com is in fact listed in blacklists for spamming, failure to execute an unsubscribe request, fraudulent scams, etc.

The “social engineering” tactic is central to the propagation of their scams. Most people are so curious about what these pictures are, especially when they see a familiar name and a photo that they fill out the info (as JoRose did).

Tagged.com is not the only culprit here. As I said in my opening, these fake social networking sites are cropping up more and more.