It must be a sign of the times. About three weeks after my ten year old daughter had her first “phishing” experience with Genieo adware on one of our family Apple laptop computers, my older (13 year old) daughter managed to accidentally spam over 2000 people (my entire iCloud contacts list) with personalized text messages and emails. The culprits? Her dad who apparently didn’t realize letting another family member use his iCloud account for iTunes Match could also sync all iCloud contacts in his daughter’s iPhone running iOS7. (“That dad” in this story is, of course, ME.) The second culprit would be a new app the daughter installed (around 6 pm CDT today) called “Melt” which forces / tricks users into accepting terms that lets the app upload and then spam the entire iCloud contact list on the iPhone. The most important message for you to read first in this post is as follows:
If you receive a text message or email from my daughter inviting you to connect with her on “Melt,” please ignore it and delete it with my apologies.
Email spam from the “Melt” app looks like this:
SMS spam from the “Melt” app looks like this:
The text message above is one my wife received. She knew it was fishy since our daughter wouldn’t address her in a text message as “Mommy,” she’d say “Mom.” I received two phone calls earlier tonight from people who were our neighbors a few years ago when we still lived in Edmond, alerting me to the strange text messages they’d received. A quick Google search for “iPhone Melt” brought up the “Melt – Let’s be friends!” app.
The first five reviews of the app on the App Store are positive, but starting with review #6 they turn very negative. Apparently others have experienced this “involuntary spamming of all your contacts” problem.
Lessons learned so far (with more likely to come):
- If you sync your iCloud account to another family member’s iPhone so they can use your iTunes Match, be sure your contacts don’t sync over too.
- Beware and discuss this with your spouse and children: Read the fine print carefully before you grant ANY app or website access to your contacts or to post on your behalf. This goes not just for apps, it’s also true for Facebook apps, logging in to websites with Google or Twitter credentials, etc.
- Security on smartphones, tablets, laptops, and other computers is VERY important and something everyone needs to discuss regularly.
- Even smart people can be tricked into clicking YES in an acceptable use agreement that does unacceptable things.
- Connectivity brings benefits as well as risks.
- Take the protection of your information seriously and do what you can to remain both informed and proactively safe.
- Use situations like these as stories you share as “teachable moments” with others, not to “play the fear card” and convince them to give up all mobile computing… but rather to help them become more informed and take reasonable steps to safeguard both their information and their security.
Any others to add? Have you run into a similar situation in your family or circle of contacts?
On a related note, if you’re a Windows user you definitely need to know about the new “CryptoLocker Ransomware.” I learned about it over the weekend listening to the October 23rd “Security Now” podcast with Steve Gibson and Leo Laporte. The English WikiPedia entry for Ransomware has an evolving sub-article on CryptoLocker with external links. It’s nasty and probably the first of more “ransomware” malware programs which will be distributed globally in the months ahead, both on laptop/desktop computers as well as mobiles. The big lesson there is to have a “cold” backup of your computer data. Thankfully CryptoLocker is Windows-only, Mac users and Google Chromebook users aren’t affected. Security issues affect us all, however. We need to stay informed and do our best to act safely. Security awareness about issues like these is an important part of digital citizenship!
UPDATE 10:50 PM CST
It remains a mystery how my iCloud contacts got on my daughter’s phone and merged with hers. My son uses my AppleID for iTunes Match on his phone, but our contacts are not conflated. My daughter does NOT use my AppleID for iTunes Match and hasn’t in the past. I’m suspicious her iTunes sync settings on the laptop we used at home to backup her phone, before she started using iCloud, might be to blame. It’s also possible she used a laptop on my login at some point, and logged into her iCloud account. She has her own iCloud account on her iPhone. I’m not sure if this happened during the iOS7 upgrade process. If anyone has other ideas. please let me know!
Did you know Wes has published 3 eBooks, and 1 of them is available free? Check them out!
If you're trying to listen to a podcast episode and it's not working, check this status page. (Wes is migrating his podcasts to Amazon S3 for hosting.) Remember to follow Wesley Fryer on Twitter (@wfryer), Facebook and Google+. Also "like" Wesley's Facebook pages for "Speed of Creativity Learning" and his eBook, "Playing with Media." Don't miss Wesley's latest technology integration project, "Mapping Media to the Common Core / Curriculum."
On this day..
- Notes from Gary Stager's Keynote: 2012 Interactive Learning Institute #k20ili - 2012
- This Is What Learning Looks Like by Gary Stager (Nov 2012) - 2012
- Puffin Web Browser for Flash Movies on iOS - 2011
- Podcast385: Interview with Frederic-Auguste Bartholdi (Glenn Stoops) - 2011
- Blackboard Users: Consider the Parable of The Tailor - 2010
- Ning Flash Videos now iOS Compatible with Skyfire Browser - 2010
- A proposed student social media protest campaign for NYSCATE - 2009
- A perfect soup dumpling ending to our China adventure - 2009
- Podcast290: The Magic of Digital: Collaborative Interaction in Teacher Professional Development - 2008
- Digital audio alternatives by Will Birchett - 2007