The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Friday, April 06, 2007

Don't give your password to Tagged.com; it's a phishing site

Well, it's been a very busy couple of weeks for me (more on this later), so I have a lot of catching up to do. Are you sitting comfortably? Good; let's begin.

Got a piece of email today. A friend had invited me to one of the many new social networking sites that have been springing up lately. I figured what the hell, she's my friend, I'll go ahead and click on the link.

The next thing I know, I'm being asked for my gmail account name and password.

Yes, I was suckered into signing up with a phishing site. No, I wasn't suckered into actually giving them my password. But I'll bet plenty of people were. It should be interesting to see what my friend has to say. Odds are, she never even sent out the invite in the first place.

Here's a blog entry by someone else who fell for it.

I wrote about a similar scam, playbingolive.com, a few months ago.

Update: Another blog gives tagged.com's MO in much more detail. So far, the phishing only seems intended to drive more traffic to the site.

28 Comments:

Anonymous Anonymous said...

Are you sure they are phishing? I gave them my password to see all my friends who are on the Tagged already and now have a big friends list and use it everyday (instead of MySpace which has gotten too cluttered). And I haven't seen anything weird with my gmail account... I think lots of web 2.0 companies these days ask for passwords for address book importing (YouTube, Bebo, etc.) and content posting (Slide, RockYou, etc.), it's not the most secure thing but I haven't seen anything nefarious with Tagged.

4:03 PM  
Blogger Spam Diaries said...

A couple of things make me suspicious. First of all, for any site to ask for your password to another site is extremely inappropriate. Secondly, when I tried to click on their "terms and conditions" link, I was instead redirected to the sign-on page. At first, I thought this was a bug, but combined with the password business, and some of the things I learned from Googling them, it only looks more suspicious.

Have any of your contacts reported receiving email from you that you didn't send?

Even if tagged.com is a genuine site, their asking for passwords they're not supposed to have is extremely inappropriate.

9:55 PM  
Blogger Spam Diaries said...

One more update: I got another spam "from" my friend. When I clicked "no", I was taken to the signup page anyway.

Definately not a legit site.

1:04 PM  
Anonymous Anonymous said...

facebook does the same thing, does that make them a phishing site?

7:54 AM  
Blogger Spam Diaries said...

I'm not so sure where I stand on tagged.com. On one hand, the phishing seems (so far) to be entirely aimed at driving up their own traffic, rather than stealing personal information. On the other hand, many of their practices seem shady to me, such as the fact that even if you say "no", you get taken to the same sign-up page as if you'd said "yes".

9:07 AM  
Anonymous Anonymous said...

Tagged.com and Tagged are phishing and spamming too. My friend got a Tagged email from someone and she clicked "no" and didn't do anything else and Tagged still got a hold of all of her contacts list and sent them a "Tagged" email too.

Commandeering a contacts list like this is bad, wrong---and there is no reason to believe attempting to unsubscribe will do any good.

12:56 PM  
Blogger Lloyd J Chilcott said...

I have recently been contacted by someone who claims to be connected with Tagged.com. It was stated that I had 'won' an annual 'lottery' prize{reported to be US$1.5 million), drawn by Tagged. Naturally I believed this to be the beginning of a scam, and waited for further contact.
I have now received several follow-up communications from this person/s, and several have included names, addresses and phone numbers of persons involved in seeing that I receive my 'Prize', and instructions on what I need to do to claim this money.
After 4-5 such messages, I finally received the much anticipated request for 'Handling Fees & Charges' associated with transferring these winnings to me, along with assurances that once these monies were paid to an address in England, I would receive my winnings in Australia.
I have resisted the urge to ask "What part of Nigeria do you come from?", but I have saved copies of all of the correspondence thus far.
I am unsure of who this should be reported to, and perhaps you can advise me in this regard.
Kind Regards
Lloyd J Chilcott.

10:57 PM  
Blogger Unknown said...

This is one of the worst sites on the net. Tricking people out of their contact list is illegal.This jerk at abuse
makes it voluntary on your part if you click "yes" . You gave them the right to take you contacts list without your knowledge...Yeh, that sound like stealing all right!

Should a stranger be asking you for your email login? Most of you know you should not do that, but slick
trickery can fool some.

Read on:

First I want to say, I did not click on yes or no....

I complained to abuse@above.net on behalf of someone else "victim " # ?(who knows)

and hope you all will to. The problem is the above.net person seemed to be defensive of this site, which is unusual. In every case I am aware of, they are trying to "protect" the consumer, but in this case, I was threatened with legal action when I called it "stealing" when it is in fact just that, and I am gathering information from this site as well as others, and may contact people to get declarations if this group of scammers try to threaten me again..Here is the text of the message I received from so called "abuse" see if this sounds like the position someone takes, who is trying to be on the side of you and others who have been scammed by this site.

their position:

Dear Farhana,

"Steal" is a very strong term and carrying possible severe penalties. In every instance that I've investigated to date, the email address and specifically the password for the email account was provided freely by the complainant.

Please provide any evidence that you may have, not just the accusation, that your email password was obtained by means other than by you providing it to them.

Sincerely,

Larry McDonald
Policy Enforcement
AboveNet Communications, Inc.
http://www.above.net/corporate/acceptableuse.html
http://www.above.net/corporate/antispam.html

6:52 PM  
Anonymous Anonymous said...

Recent victom: Signed up for tagged.com, and while entering the registration info I was prompted for mothers maiden name, which like an idioit I entered. I now have one $15 and another $13 charge showing up on my phone bill, which I specifically tracked down to the exact moments I registered with Tagged.com.

VERY SHADY WEBSITE!!

9:21 AM  
Blogger Spam Diaries said...

Ooohh, bad move. You should probably contact your mother as soon as possible and get her to change her maiden name.

1:11 PM  
Anonymous Anonymous said...

Tagged.com is definitely very shady in their so-called questionable practice's.

I got scr##wed and made the mistake in giving them a mostly business/personal email address and this sob website sent EVERYONE a spam email from yours truly.

There's more info on how this spam/scam is operating at:
http://internetscamphishing.blogspot.com/2008/01/is-taggedcom-scam.html which I really wish I would of read before this embarrassing episode in contacting all my friends and business associates and trying to explain to them

I DID NOT SEND THEM SPAM

Tagged.com DID!

Eerrr-
This crap should be outlawed!

5:31 PM  
Blogger Karen said...

I've been receiving e-mails saying I've been "Tagged" by a former co-worker and inviting me to join.

When I received the first one, I'd never heard of Tagged. Now that I've done a little research I am ever so glad I didn't respond!

8:35 AM  
Anonymous Anonymous said...

I ignored requests from Tagged for a long time, and then received a request something like "your friend will be sad...". It was really my stupidity that I attempted to make an account. Even though I quit to complete the process because of its specific questions about my individual credentials, I then began to receive tons of trash emails. It really annoys me these days, since this e-mail address has been one of my three primary e-mail address in contacting with friends, and I dont want to discard it. However, I know that once a thing like this happened to an eamil account, sitution will just get worse. I unsubsribed from Tagged.com, but it is already too late. Trash e-mails are still keep coming to this email box, I have to clear them every day, otherwise this email box will be full of those trash emails for only some days. I really hate Tagged.com. My friend who was supposed to give me that invitation was also decieved by Tagged.com, and exposed our e-mail contacts to Tagged.com, and allowed it to send "invitations." It seems that I can do nothing to stop those transh e-mails now. It is certainly my responsibilty too since I did not carefully review their terms. I really want to say... "F**k you Tagged.com"

6:13 AM  
Anonymous Anonymous said...

TAGGED... You're it... :P

Anyways, I clicked "yes" but I thought I was already a member of "tagged" so I wasn't really worried, but as soon as I saw that it wanted me to register, I knew it was a scam, or at least sensed it. Then it asked for my PASSWORD to me EMAIL!!! HELLLLOOOOOOOO. I immediately did search on them and after a few tries found this place. Uhm...NO... you do NOT get to have my EMAIL PASSWORD. Do NOT pass go, do NOT collect $200 or my PASSWORD.. Hahahaha!

I'm not even giving THIS website my password to my google/blogger account so as to have this comment linked to my google/blogger account!!! I'm THAT protective of my password! :P

6:28 PM  
Anonymous Anonymous said...

I received an email and obviously not stupid, I went there but did not give my password.

Still this has had a adverse effect on me since some other person (who knows who it was) did and it ended up thankfully (and not) linking to my website.

Well there was only one reason I went there, that the person it came from I took a photos at race of the family.

I was kind enough to email these and free so I got in there address book.

When I went to log in it was under my websites email, guess what:ERROR Code 500 ..hmmmm

So curiousity killed the cat, I entered my hotmail address and in. Then the questions and asking for password to my email. I bypassed since it was already fraud.

But damage done, I run a small website and now I am going to kill the site.

I emailed Microsoft Security and have no idea if they are doing anything, and also asked them just to email me to let me know that some action has been taken.

Nothing yet but it's only been a three days so I'm still waiting.

But Tagged.com may have ruined my name and reputation partially.

Also while on Tagged.com I kept track of any activity (UPD) and logged the IP's.....Long story.

Last: I tried again under a false yahoo.com email - it accepts that so we all get the picture - no Error 500, hmmmm.

Tagged IMHO is just a site that is stealing passwords along with the other know poison.

Why hasn't any of the majors (MS/Yahoo) done anything to date?

People, do NOT ever accept anything from this site. Even in my case I didn't leave my hotmail password, I have deleted all of my contacts and ie: am KillStat my nickname.

Between Google and the information it gives out (my cell phone number is one) and places like Tagged.com - I really at this point could care less about the internet.

Invasion of privacy is the most important issue as far as I'm concerned and I'm sick of it all.

Sorry for the long reply but maybe some people will learn from others, since until I received the email I never heard of the site.

Thank You!

11:25 PM  
Anonymous Anonymous said...

I know you wrote this a while ago, but it's still important. As far as I see it Tagged is phishing. They collected personal information on me and my email address to send me email I didn't ask for or want that makes them money. That's call spam and phishing right? They say on their site they respond to privacy concerns. I know that's not true. The first time I go an email from Tagged I wrote an email asking questions about the information they collected about me from my friends address book. They never replied. An annoying part for me is since I didn't join so they send me more mail saying I have been tagged. I wish there was a way to get them to stop spamming me. If they won't address privacy concerns I doubt they worry about spamming me.

11:55 PM  
Anonymous Anonymous said...

I don't get it, I've been on Tagged for years with no problem. I think I did join because of a email. I'm not sure if it was automatic or he invited me. Anyways, I clicked skip when it asked for my gmail password. I mean come on, who would give that out? They never asked for any mothers maiden name. What I think does happens is that some site pretends to be tagged or other sites and does ask all it can so that it can do any number of things for using you email, money, bank, etc.. As far clicking yes or no to something in an email, again we should all know better. There is the delete button and marking as spam, or whatever spam system you use. I don't see how they can get into your email account if you don't give them your password unless you used the same password for most things, ie the same password for your email and for tagged. I assume tagged or the spoofer would try that. I've been on Tagged for years and am very happy. Tagged gets it's share of Nigerians and such. That is my only complaint. I've met lots of nice people who are dear friends now.

7:13 PM  
Anonymous Anonymous said...

This comment has been removed by a blog administrator.

5:27 AM  
Anonymous Anonymous said...

This comment has been removed by a blog administrator.

8:11 AM  
Anonymous Anonymous said...

absolutely no necessitation for giving any site your email or other account password information, even if it is a social network site that wants to import your user settings. total scam, dont ever do it. ya they might actually create an account for you, but its a cover so they can steal all of your info and force your account to send out spam so they can sell more crap. each social networking protocol such as yahoo or msn contain the necessary code for transmitting a users friend list etc etc....requiring a users password to join is inexcusable and in my opinion, downright fraudulent, regardless of how you want to sugar coat it with euphanisms.

1:42 AM  
Anonymous Anonymous said...

currently there is no option to opt out of giving a password, or its obfuscated, second, facebook doesnt require that you give it your other accounts passwords, but its there for extra help in tracking down friends. there is an obvious flaw with it though, what if your friends didnt give their yahoo information? then you handed over your account info for nothing. and i still detest even the notion of requesting that info even from facebook.

1:45 AM  
Anonymous Anonymous said...

I can't believe anyone would give out any password to anything to any site. What are all you people thinking?

If you are willing to let some unknown have all your email info, can I have your checkbook? And your house keys?

9:05 PM  
Anonymous Anonymous said...

it's NOT a legitimate site! Legitimate sites do not send emails from you that you never sent. people say they've gotten emails from me "richard posted photos of you on tagged" I'm NOT ON TAGGED and I think they should all be shot!

5:17 AM  
Anonymous Anonymous said...

Your blog posts information that tagged.com is on AboveNet's network. Tagged.com is not on AboveNet's network.

The email referenced was dated March 2007 and that information is no longer valid.


You can use any one of the free resources below to determine current network provider of tagged.com/taggedmail.com:


http://www.dnstrouble.com/
http://thednsreport.com/
http://mydnstools.info/
http://dnsbench.com/
http://www.domaintools.com/
http://www.trimmail.com/news/tools/
http://www.iptools.biz/
http://www.robtex.com/
http://who.is/
https://ws.arin.net/whois
http://www.senderbase.org
http://www.spamhaus.org/sbl
http://www.trimmail.com/news/tools/
http://network-tools.com/


There are dozens of other similar sites available as well.


Please report tagged.com complaints to the appropriate network provider.


AboveNet Communications, Inc.
Policy Enforcement
http://www.above.net/corporate/acceptableuse.html
http://www.above.net/corporate/antispam.html

12:38 PM  
Anonymous Anonymous said...

I received an email from a friend saying that they had pictures for me. Since I actually was expecting pictures from them I opened the email & signed up to be on tagged.com. Yes I was caught off guard and actually gave them my aol account & password in the sign up process and suddenly my address book was attacked. Everone in it was sent an email claiming to be from me with same promise of pictures. There were never any pictures, not from my original friend and not from me so how is this legal? Just because they are a legitimate site does not make them a legitimate company. One of my contacts inocently signed up too and has been bombarded with emails from new "friends" that resemble hookers.This site should be shut down!

7:57 PM  
Anonymous Anonymous said...

I dont trust Tagged at all as I have had two profiles there and both have been cancelled for no reason. On both occations, I posted a picture up which they say violated their terms. Yes that same picture was taken off someone else's profile who had had it up for over 6 months!!! Is it because I come from Africa..? Tagged definitely discriminate against its members. They do look into all your private stuff on your emails as both myself and a friend I met on Tagged has had that happen.

We also had the experience of them emailing all our contacts to gain membership. ow legal is that ?

When one tries to contact them, its a no go area even if its for techinical support. This chap Greg is obviously in this for his own gain and not the gain of making it a friendly site. I DONT advocate anyone joining this site. There is something realy fishy about it.

Thanks for allowing me to aire my thoughts.

6:29 AM  
Anonymous Anonymous said...

I'll never go on tagged again, or believe anything online. The old classic trap of course got me, a girl named princessfocker, princess f is tagged name is a fake claiming to be a model, and got me to sign up to websites. She said she was in Philippines on holiday with manager and she could come to australia.

Her profile says East Brisbane which found out too late a friend she has on tagged never met her and lives in same suburb.

I hope they all get what they deserve and karma come to them one day. Started of course by send $200 then some more and more after that. I did lose a fair bit but can recover easily still. Just won't trust anything again.

2:25 AM  
Anonymous Anonymous said...

I got invitation from an unknown person back in late 2000s. I didnt react. The reminder kept coming and coming. At some point, I did react and register myself. Big Mistake. After registration, I forgot about this website and my account in this website. After few years, due to spam emails landing on my email box logged into see. What surprised me was this profile is very active and running. I never logged into this website Tagged.com at all. But still it has been very very active. I have been buying pets for years. Which all happened without my involvement. Did anyone have this experience?

1:56 AM  

Post a Comment

<< Home