Beware of Quechup Spam Scam

By Wesley Fryer On September 7, 2007 · · 6 Comments

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

As social networking websites continue to proliferate, the need to be tech-savvy and aware of online scams grows more important. The latest buzz in the Twitter community (thanks Chris Lehmann) and elsewhere regards the social network Quechup, which reportedly is mining email contacts from people who sign up and spam those people without getting permission first.

I’ve been wary of sites which ask me to login with my yahoo credentials so they can access my contacts there– in the last two months I’ve consolidated all my personal and work contacts via Yahoo’s free Autosync program, Plaxo, and the iPhone’s iTunes Address book to Yahoo sync functionality. This has helped me keep all my contacts up to date and accessible, but also makes me more susceptible to scams (as well as my contacts) if I authorize a website to access my contacts in a situation like this.

A quick search of Technorati for “Quechup” turns up over 500 recent posts giving even more details about the scam. A fair number of folks are pretty upset by this.

Here are some key takeaways from this situation:

Just because you receive an email from someone you know inviting you to join an online social network, do NOT trust that the invitation was actually sent by them or that the network/website is a good idea to join. If you see something recommended on a blog you already trust, that is most likely a recommendation you can take at face value. When it comes to email, don’t be so fast to trust.
When you are signing up for ANY online social network or registering any type of online profile, be VERY wary if the site asks you to login to your Yahoo mail, gMail, or other account so the site can access your contact list. This example shows that not all website developers are scrupulous (duh, that shouldn’t be a real “announcement” for anyone I guess) and you won’t necessarily be asked for permission if you grant them that access to your account– they may go right ahead and grab all your contact information and use it for their own purposes.
Consider using a different password for each different website profile you create. Yes, I know that sounds painful, but from a security standpoint, it is really a good idea. Why? Let’s think of the consequences here… You use the same userid and password with all the website profiles you set up… Then along comes a site like Quechup that has no problem grabbing all your contacts’ information and using it as they please without your permission, perhaps even selling that information to other online marketers… If they have your “universal password” then how might they maliciously malign or harm you in other ways… who can tell?
This specific situation shows the dynamic nature of the web, the need to help others and ourselves become and remain digitally literate, and the importance of social networking. If I wasn’t connected to a social network of savvy digital users via Twitter, I probably wouldn’t know about this scam at all! Just because someone knows about phishing doesn’t mean they’ll naturally know how to handle the newest invented online scam. We not only need to be media and information savvy, we need to be CONNECTED to remain safe and “healthy” in our lives online.

Bottom line: Be savvy, stay informed, stay connected, and don’t take email messages at face value! That should be digital literacy lesson #1 I suppose!

Spread the word… avoid Quechup! I’m sticking with Facebook!

Technorati Tags:
quechup, socialnetworking, safety, internetsafety, dsn

Remember to follow Wesley Fryer on Twitter (@wfryer), Facebook and Google+. Also "like" Wesley's Facebook pages for "Speed of Creativity Learning" and his eBook, "Playing with Media." Don't miss Wesley's latest technology integration project, "Mapping Media to the Common Core / Curriculum."

On this day..

http://24learning.blogspot.com Paul Wilkinson

Hey thanks for the heads up on this scam. I was “invited” by Steve Dembo. I’ll go post him a comment. Cheers
http://podcasting.ie Bernie Goldbach ’76

Several of my friends with BBC address books accidentally permitted them to be harvested so the incoming spammy invitations may not appear to be what they actually are when you open them.
Pingback: Scam Related News (09/09/2007) : Scam Alerts
http://www.storyofmysecondlife.com Kevin Jarrett

Hey Wes,

What I find really fascinating about Quechup is its rate of infection and deployment trajectory. To wit: the Second Life community appeared to be infected with this about two weeks ago:

http://www.storyofmysecondlife.com/?p=394

Where it raged for a few days before subsiding. Now, two weeks later, it’s picking up again, but affecting the Web2.0 community (mostly).

It would be incredibly interesting for someone to do a “six degrees of separation” style analysis and backtrack through the spam to trace the original source, sort of like the people who brought the Gypsy Moth to the USA in the 1860s (source: wikipedia) thinking it was a silkworm…LOL

-kj-
Pingback: Quechup
TerryG

So very tru.

I was recently scammed by http://3500weekly.com/ who promised me a 800 page website. I paid my money and then they turned around and told me I had to pay a huge monthly hosting fee. The original sales page does not state having to pay any more than the asking price. Steer clear of this one. By the way they won’t refund neither.