click here to skip the menu and go to the page content

rebecca's pocket

about / archive / syndicate

.: January 2008 --> Spock - phishing? JaseZone - spamming.

Spock - phishing? JaseZone - spamming.

» Kevin Kelly points to JaseZone, a new "social network" that creates profiles by scraping the pages of other social networks and then, on behalf of the "user" thus generated, invites that person's connections in the name of that person to join the network.

This reminds me of my experience with another new "social network", Spock. I created a page for myself on Spock after receiving some sort of invitation, and then found another page made with information scraped from MySpace. After prompting the site several times to combine the two profiles - with no result - I found a link that said "claim this page". When I clicked it, it asked me for my MySpace login and password, so it could confirm that I owned the MySpace page.

Let me repeat that: it asked for my MySpace login and password.

Since I was doing about 6 other things at the time, I unthinkingly (and very, very stupidly) typed in the information before I realized the site was asking for my login and password to another site - in other words, phishing. (I immediately changed my MySpace login and password, of course, but I never, ever should have made this mistake at all.)

Spock immediately merged the information into the other page, for what it's worth, but I've been thinking ever since then - what's to stop anyone from creating this kind of an application specifically to collect people's logins and passwords? Nothing, nothing at all.

And considering the mania for signing up on every new social network that appears - and how easily even I fell into this trap - perhaps it would work.

My advice to everyone reading this is to stay far, far away from both JaseZone and Spock - and warn your friends to do the same.

Update: Patrick writes to say:

I thought I might be able to offer a little bit of clarification about your experience with Spock. The reason why we ask for your Myspace credentials is to confirm who you claim to be and that we do not store any of your password information. Since you attempted to claim an additional search result we ask that you provide the information inorder to bypass a customer service review. While you can technically do this process without offering your credentials, this can often take more time and by offering your credentials you're able to quickly merge multiple search results. The reason why you had more than one search result is probably because your are on multiple social networking sites and used different e-mails.
Please note that Spock is primarily a search application that organizes people search in an easy to view and search format. If you have any additional questions please feel free to contact me at

So there you have it. However, you should never, ever give anyone your login and/or password to another site. You really never do know who is on the other end of that webpage, and the people at Spock should know that.

Phishing is a widespread, criminal practice. Responsible websites should work to educate their users about good Web hygiene, not encourage them to blindly trust anyone who asks for information that should never be revealed.

 [ 01.24.08 ]



» primary link / supplemental information / internal link

my book

» the weblog handbook
amazon editors' best of 2002, digital culture

recent posts