It must be a sign of the times. About three weeks after my ten year old daughter had her first “phishing” experience with Genieo adware on one of our family Apple laptop computers, my older (13 year old) daughter managed to accidentally spam over 2000 people (my entire iCloud contacts list) with personalized text messages and emails. The culprits? Her dad who apparently didn’t realize letting another family member use his iCloud account for iTunes Match could also sync all iCloud contacts in his daughter’s iPhone running iOS7. (“That dad” in this story is, of course, ME.) The second culprit would be a new app the daughter installed (around 6 pm CDT today) called “Melt” which forces / tricks users into accepting terms that lets the app upload and then spam the entire iCloud contact list on the iPhone. The most important message for you to read first in this post is as follows:

If you receive a text message or email from my daughter inviting you to connect with her on “Melt,” please ignore it and delete it with my apologies.

Email spam from the “Melt” app looks like this:

Melt App Spam

SMS spam from the “Melt” app looks like this:

Melt App SMS Spam

The text message above is one my wife received. She knew it was fishy since our daughter wouldn’t address her in a text message as “Mommy,” she’d say “Mom.” I received two phone calls earlier tonight from people who were our neighbors a few years ago when we still lived in Edmond, alerting me to the strange text messages they’d received. A quick Google search for “iPhone Melt” brought up the “Melt – Let’s be friends!” app.

Beware of iPhone "Melt" app phishing

The first five reviews of the app on the App Store are positive, but starting with review #6 they turn very negative. Apparently others have experienced this “involuntary spamming of all your contacts” problem.

Negative reviews of iPhone app Melt

Lessons learned so far (with more likely to come):

  1. If you sync your iCloud account to another family member’s iPhone so they can use your iTunes Match, be sure your contacts don’t sync over too.
  2. Beware and discuss this with your spouse and children: Read the fine print carefully before you grant ANY app or website access to your contacts or to post on your behalf. This goes not just for apps, it’s also true for Facebook apps, logging in to websites with Google or Twitter credentials, etc.
  3. Security on smartphones, tablets, laptops, and other computers is VERY important and something everyone needs to discuss regularly.
  4. Even smart people can be tricked into clicking YES in an acceptable use agreement that does unacceptable things.
  5. Connectivity brings benefits as well as risks.
  6. Take the protection of your information seriously and do what you can to remain both informed and proactively safe.
  7. Use situations like these as stories you share as “teachable moments” with others, not to “play the fear card” and convince them to give up all mobile computing… but rather to help them become more informed and take reasonable steps to safeguard both their information and their security.

Any others to add? Have you run into a similar situation in your family or circle of contacts?

Spam by mrdodgy, on Flickr
Creative Commons Attribution 2.0 Generic License  by  mrdodgy 

On a related note, if you’re a Windows user you definitely need to know about the new “CryptoLocker Ransomware.” I learned about it over the weekend listening to the October 23rd “Security Now” podcast with Steve Gibson and Leo Laporte. The English WikiPedia entry for Ransomware has an evolving sub-article on CryptoLocker with external links. It’s nasty and probably the first of more “ransomware” malware programs which will be distributed globally in the months ahead, both on laptop/desktop computers as well as mobiles. The big lesson there is to have a “cold” backup of your computer data. Thankfully CryptoLocker is Windows-only, Mac users and Google Chromebook users aren’t affected. Security issues affect us all, however. We need to stay informed and do our best to act safely. Security awareness about issues like these is an important part of digital citizenship!

UPDATE 10:50 PM CST
It remains a mystery how my iCloud contacts got on my daughter’s phone and merged with hers. My son uses my AppleID for iTunes Match on his phone, but our contacts are not conflated. My daughter does NOT use my AppleID for iTunes Match and hasn’t in the past. I’m suspicious her iTunes sync settings on the laptop we used at home to backup her phone, before she started using iCloud, might be to blame. It’s also possible she used a laptop on my login at some point, and logged into her iCloud account. She has her own iCloud account on her iPhone. I’m not sure if this happened during the iOS7 upgrade process. If anyone has other ideas. please let me know!

Technorati Tags: , , , , , , , , ,


Check out Wesley's new ebook, "Mapping Media to the Common Core: Volume I." (2013) It's $15!

If you're trying to listen to a podcast episode and it's not working, check this status page. (Wes is migrating his podcasts to Amazon S3 for hosting.) Remember to follow Wesley Fryer on Twitter (@wfryer), Facebook and Google+. Also "like" Wesley's Facebook pages for "Speed of Creativity Learning" and his eBook, "Playing with Media." Don't miss Wesley's latest technology integration project, "Mapping Media to the Common Core / Curriculum."

On this day..

Share →
  • Victoria Williams

    Hello, My name is Victoria Williams and I am an EDM 310 student at The University of South Alabama. This blog post was very informative to me because I wasn’t aware that the icloud would sync contacts. I also am not very knowledgeable about many viruses that can get on PC or MAC so thank you for sharing your knowledge. This information will probaully save me headache of spam or virus. Thanks again for sharing.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Made with Love in Oklahoma City