locked
Reunion.com accesses your address book firewall/virus/spyware/phishing RRS feed

  • General discussion

  • Don't know where this belongs or if it is a OneCare issue or a Microsoft phishing issue.  A close friend "sent" me an e-mail that appeared as if she were asking me to join Reunion.com to see all the people who were looking for me. There was a link, which I clicked, and it took me to a signup page. I was suspicious, so I called my friend, who told me that she was embarrassed because she'd received a similar e-mail from a friend and had signed up, and apparently the site got into her address book or e-mail and sent out e-mails to everyone she knew. I reported this as phishing to Microsoft and added the site to blocked sites in Outlook. Unless it's buried deep in the Terms of Use statement, there's absolutely no indication that Reunion.com is going to raid your address book and send out e-mails to everyone you know. I don't know if Reunion.com would have been able to access my e-mail/address book had I registered, but I suspect that it would have. I find all this web security stuff utterly confusing. I suspect that once I've clicked on a link in an e-mail, there's not much anyone can to to protect me, so I have to protect myself. Anyway, I thought I'd post this to warn other folks, and in case there's something Microsoft and/or One Care can do to block these folks from this practice.
    Tuesday, February 3, 2009 1:10 AM

All replies

  • Hello Hallie S, as security products have improved malware authors have turned more towards "social engineering", that is, tricking a user into opening an e-mail attachment or a link that appears to be from a friend or a company you have done business with in the past. I am not familiar with renunion.com but it is unlikely they would access your personal data. Most likely the e-mails are not from renunion.com but someone impersonating them. There is really no defense against this type of behavior other than deleting e-mails from unexpected or unknown sources.
    Jim
    Tuesday, February 3, 2009 5:24 AM
    Moderator
  • Actually, this is unfortunately a fairly common practice by many of the social sites today. Though some might ask, many simply harvest your Address Book without ever mentioning it and then spam all of your contacts in an attempt to increase membership. Since you've basically invited them into your PC if you begin their sign-up process, there's really nothing anyone can do to protect you once you've accepted their terms of use.

    http://consumerist.com/380751/reunioncom-will-scrape-your-address-book-then-spam-your-contacts

    http://search.live.com/results.aspx?q=social+sites+scrape+address+book&go=&form=QBRE

    That's one of the many reasons I'd tell everyone to stay away from all of these sites, since they're nothing but spam and malware magnets. All you'll find at the big social sites are children who shouldn't be there and predators.

    If you want to communicate with people, find some good forums with some solid policies and subjects that interest you, the class of people is usually much higher.


    OneCareBear
    Windows OneCare Forum Moderator
    Tuesday, February 3, 2009 6:37 AM
    Moderator
  • Thanks for the response, and thanks, OneBear, for the links.  Now I know a new term, "scraping". It was more or less what I thought. I don't do social networks, and I never click on the ads these search-for-your-friends sites put on other sites (including by the way, Microsoft.com - when I did a search for Resume.dot com on the Microsoft Help site, all I got was a bunch what appeared to be sponsored links to resume.com). I know that they're ripoffs, but I was unaware that they went as far as raiding your address book without telling you. Did Microsoft ever consider hosting a forum where users could post warnings about social engineering scams they'd encountered? I tried to find something of the kind before posting here, but all I could find was a very technical security newsgroup that was obviously aimed at network administrators.

    By the way, what gives with the Windows Live One Care forums? I tried to be a safe user and get to this discussion by opening OneCare and going to the forum (as opposed to clicking on the link in the e-mail you sent me alerting me that there was a response). My search for "My Threads" returned nothing. I remembered it was in the firewall forum, but clicking on the forum got me nothing , and clicking on the link that said the forum had been moved also got me nothing except a "we couldn't find this" message. Can't remember what I did differently to get into this forum in the first place, because most of the time I get stuck in that "you can't get there from here" loop when I try to reach this forum from OneCare.
    Thursday, February 5, 2009 3:48 PM
  • I'll take the forum question. :-)
    The link for the forum within OneCare and from the OneCare site points to the old location. The OneCare forums are hosted by Microsoft within the Communities environment which includes MSDN specific forums, targeted at developers. When the OneCare team was looking to set up a community forum, the MSDN folks were happy to set the structure up and host the forums. That platform was in need of an upgrade, but it meant moving each forum to new servers. The OneCare forum moved in December of last year. We're waiting for the links to be updated, but in the meantime, the way it is supposed to work is that clicking on the link to the old forum location should redirect you here.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Thursday, February 5, 2009 4:10 PM
    Moderator