Guest guest Posted January 10, 2011 Report Share Posted January 10, 2011 Hey everyone,.......I received an e-mail from who I thought was a friend saying she had tagged me in a photo at "Shoppybag". This is a scam/malware, and if you receive this in your e-mail and click on the blue link it will get all your contacts and e-mail this message to them too. Below is what I found about what to do about this. If anyone else has any other suggestions then please post it. I DID NOT CLICK ON THE BLUE LINE AS THE MESSAGE CAME IN MY SPAM! This is happening a lot with different spammers and it makes you not know what you can open and what you shouldn't when you think its coming from someone you know. I am inclined NOT to open any links/attachments anymore because of it. :-( _________________________________________ Unfortunately denying ShoppyBag access doesn't prevent them from spamming your contacts. It does prevent them from getting your contact list at will, however once you click on that link, it downloads all your contacts to their servers, and spams people in your name. As was pointed out It does *not* require a password, (As long as your browser "keeps you logged in") as your google session is persistent, and shoppybag can use the "requested authorization" (Which is the link they spam to you) to then download all of your contacts and attach your name to them. Basically, by clicking on that link, you're treating shoppy bag as one of the google 'add ons' and they're using the fact that you're already logged in to your google account to hit up your gmail for contact information, as that's one of the things that 'add ons' can do (So you can, for example, share documents in google docs with other people in your contacts from gmail) That they are using this feature unscrupulously is very very bad, and seems like a gigantic security hole on google's part. I personally consider my contacts to be as private of information as the contents of my e-mail, to share that with a third party without my explicit authorization *by google's servers, not the third party* Is ridiculous and poor coding on someone's part, somewhere. I suspect this wasn't google's intent, and that it is in fact just a giant muck up, but it makes me very very upset. As to ShoppyBag itself, I'm not sure, but I think what they're doing may be illegal. If it is, shutting them down may be about the only way to prevent them sending out e-mails in your name once they've got your info. Hugs, Jackie Hugs, Jackie Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.