FC NOW: The Fast Company Weblog
April 20, 2007
My Week on MySpace
Yesterday, I wrote a blog post about the safety of social networks. I would personally like to rescind that and talk about how I have since been violated by the lack of security on MySpace. While I am still a firm believer in Facebook and the precautions that site takes to protect its users, my prior apprehensions about joining MySpace have been reaffirmed by today's events. (Prior qualms included lack of security and overabundance of advertising)
I logged on to MySpace this morning as I have been everyday this week. It was becoming as natural as checking my email every morning and I was finally starting to grasp some of the nuances of using the site. Although, I quickly became frustrated when I could not post a comment to a friend's wall and the site continued to redirect me back to my homepage. That is where I found the message from "Tom", the universal MySpace friend, that has set this blog in motion.
Tom told me that my account had been phished and that it was possible that someone had stolen my email address, password, and had complete access to my profile. My profile was then blocked from doing anything on the site until I changed my password. (Although the phisher could clearly change this too, since he already had my password.) Thinking that this might be a normal occurrence (even though nothing like this has happened to me in the three years that I have been a Facebook member), I followed the prompts to change my password. I did just that and thought I could MySpace to my heart's content -- boy -- was I wrong!
My account subsequently got phished five more times -- each time I changed my password and hoped for the best. I responded by sending messages to MySpace customer service where a form letter told me that they would contact me by email. I have yet to hear back from MySpace and their corporate machine. Apparently, News Corp.'s advertising bonanza doesn't have time for the little guy.
I am no longer a MySpace member. I am now hoping that any information my "phisher" might have attained through my sparse profile does not affect my friends who have so openly displayed their lives on the site and who accepted my friendship through the site in such blind faith that I am someone they know and trust.
In an interview with Alex Pasquariello (a fellow Fast Company writer) for a Fast Talk in our May 2007 issue, Symantec's Zulfikar Ramzan told Mr. Pasquariello that it is not uncommon for internet thieves to use social networks to steal people's information and use the bond that the victim has created with networked friends to direct friends to false sites that will essentially rip them off. (This part of the interview did not make the cut into the print edition.)
This, to me, is a scary thought. I would hate that someone is abusing the bonds that I have nurtured with my cyber friends (all of whom I know in real life -- many of which I don't see on a regular basis). But this scariness is compounded by the slew of links I found addressing this on MySpace's FAQ page. Some of the links on the page addressed how to handle someone pretending to be you on MySpace, while other links talked about what to do if someone is using your email address without permission, while still others take on the subject of your account being compromised. Clearly, I am not the only member to have been phished and MySpace has done little in the way of improving their security to tackle the problem.
I have little faith in a company that will do nothing to improve their user's experience; that simply tells them to deal with it and try again. I feel that my world has been violated and that I am missing out on an experience that I could have had a lot of fun with (if the lack of security wouldn't keep me up at night worrying that someone was going to get into my email account next).
Are you on MySpace? Have you been phished? Would you stick with a service that so blatantly regarded your privacy and the use of your personal information as a minor issue? Does News Corp.'s ad-laden social network feel like an internet sanctuary where friends can share in common experiences or does it wreak of a corporation who has forgotten the original intention of its product?
Posted by Lisa LaMotta at April 20, 2007 4:36 PM | Category: internet + web |
15 Comments
ADVERTISEMENT
FC NOW MENU
NEWSLETTERS
FC NOW CATEGORIES
FC READS
My original Myspace accounts now exists as an ad for a dating site. The replacement has a much stronger password.
If your account was phished that many times that quickly it's most likely that there's a security issue on your computer and very unlikely that it's an issue with MySpace. Alternatively "Tom" wasn't the real Tom and you were diverted to a phishing site by the phishers without realizing it.
Neither of those scenarios are the fault of MySpace or any online company, the tactics of phishers on Social networking sites are no different than those that they use on other sites where you have accounts - your bank, your ecommerce accounts (amazon, ebay etc).
These companies could start using higher verification levels for access but the more verification they require the less likely you are to use the site - if they were to ask for your driver's license number or a CC number how likely would you be to use MySpace or Facebook (or even Amazon or eBay)? They could also use 2 factor authentification which is inconvenient as well and very costly.
Phishing is ALWAYS the fault of the person getting sucked in. Sure, the phisher shouldn't be doing it, but the phish should be cautious to not be taking the bait as you did. Always be super-duper cautious anytime you are told to change your password or change account information. There is no reason for Tom to ever tell you to change something. Most of us delete Tom as a friend (because if you don't, you can never tell who is really in your extended network). Facebook is great, but don't smash MySpace like all the rest of the MySpaceophobic media just because you fell for the oldest trick in the book!
That first message was the phish, and you fell for it. I've been a member on myspace for 3 years now and never had a problem. I have a very simple password (it doesn't have any complexity to it that they force you to use now) and have been a successful user from day one. The trick is to just ignore and come back in ten minutes. Myspace's features constantly go down and always come back up. Patience is the key.
"Although, I quickly became frustrated when I could not post a comment to a friend's wall and the site continued to redirect me back to my homepage."
You do not put a comma after although. :).
Nice article though.
I use Myspace and enjoy it as pure recreation. I am able to conveniently stay in touch with a long time buddy that lives 3000 miles away, About a year ago I closed my account, and have since opened a new one. I closed my account because I got high jacked from a phisher. The security is almost non existent, and I think you have a great assessment of myspace. I commented to a L A Times reported a couple of weeks ago when all of Photobucket's videos were yanked from Myspace. One of the things I told the reporter in our very candid conversation was I think that the original intentions for Myspace are in fact lost forever as it has indeed become another corporate giant smothering it's users with needless advertising. In Myspace's infancy, they never would have treated it's users the way they do now. Greed. Thank you NewsCorp for ruining what used to be a great social networking platform.
I think it is poetic that the people I have seen with profiles that have been hacked are those who have less resistance to click on something pretty. My brother has had viruses every other week for the last 2 years after his now-wife moved in and started surfing. She is the ultimate patsy, clicking on anything that looks cute. She has actually had multiple viruses just because she doesn't understand the place she got the Sailor Moon screensaver is a spider trap site setup to propagate the virus.
I will not insult you and say you're a patsy. In truth, there are people who really are duped by strategic phishing that looks so authentic the creator himself wouldn't be able to recognize it. But that's a minority. My wife has been so active in MySpace parenting groups she should get some sort of award for the most hours logged. Never once have we had an issue. I have been on MySpace and Facebook promoting a high school alumni association, and I even have a pseudonym profile for comedy writing. I have never had an issue with MySpace.
Common sense is the best defense here, but having a good antivirus (I have AVG) and spyware blocker (Spybot S&D), along with some periodic system checks (Regseeker is easy to use), is gravy that makes the acid reflux of shotty security stay down where it belongs, in that pit of your stomach where the bad feelings reside.
Incidently, I will make one last comment and relent the advertising issues with MySpace, a blatant lack of effort for Flash security. If News Corp was able to partner with Adobe for security routines on their servers that prevented certain Flash code methods to be initiated, the popups and profile-covering layers (ads that blanket your profile with a warm and fuzzy stabbing motion of paid advertising for smut services like SuicideGirls.com) would be limited dramatically.
This is only on individual profiles, mind you, those ones that get you to click on any part of their profile and redirects you to a site that looks like you logged off (the definition of a phishing site). Paid advertisers in their banner ads section are never going to be regulated. True.com, Match.com and all those little Flash ad games that cause epileptic seizures from their flashing lights and inherent hoakiness are never going to go away. They pay too much, and any web site that gives away free services just so you will look at advertisments is making millions. They would be warmed-over fools to get rid of good-paying ad partners.
Try setting up one of these ad scheme sites where all you do is sell advertising space. Your site would be called FreeXBOXNowFromCrazyEddie.com or something equally hideous. It would require that you sign up for all sorts of services using a specific tracking code. Once that tracking code is activated by the company and your actions are verified, you collect all those confirmations. Once the person has signed up for all the services you've indicated and you've been paid thousands of dollars in lead commissions, you either send them the XBOX you promised or screw them over. As long as you have fine print that is somewhat legible, you're legal. And you're rich. You think MySpace or any of those little sites advertising on MySpace wants that to go away? No. Even Facebook runs off of advertising revenue.
So it sucks, and we're bombarded. But it's America, and someone is living the American dream off of our pain. Get over it and get your blinders on.
Tom is not my friend, because I wanted to close my profile off to only real friends. So, I didn't even get this notification. What an amazingly poor system for contacting users with security information.
In the last sentence... at the very last part:
"or does it wreak of a corporation who has forgotten the original intention of its product?"
Wreak or reek? Reek seems like the company is exuding a foul odor. I think that would be the word she's looking for.
Oy! :P
Well, I'm glad I visited. I was searching for comments on myspace before joining and now I think I will just stay away. Thanks for the heads up!
Patricia - I wasn't trying to dissuade anyone from using MySpace with my blog. I think social networks are a great tool for keeping in touch and networking, but you have to find the one that is right for you. MySpace doesn't suit me. I don't like the aesthetic of it, the overabundance of advertising, and I don't like worrying that I might be on a fake homepage every time I sign on. Yet, I know many people who are addicted to MySpace and have had few problems with it. I guess, it depends on you as a user and what your intentions/expectations for the site are. Just keep in mind, if you do decide to join a social network, You entering yourself into the public forum and thus are going to be treated more like a public figure.
The history of Myspace is very interesting, the excerpt below is absolutely true and can be verified by doing a simple Yahoo or Google search .....
By now, everyone knows what MySpace is .... or at least, they think they do. The generally held assumption is that MySpace is a social networking site: "a place for friends," as their slogan puts it. In reality, MySpace is the next generation of marketing, advertising and promotion, exquisitely disguised as social networking. Simply put, MySpace.com is Spam 2.0.
Most users believe that MySpace started as some kind of fluke--a happy accident that began in Anderson's bedroom or garage--and many still don't wonder, know, or care about the site's real business history and model. Heralded as a haven of DIY self-expression, MySpace was actually created by executives whose backgrounds are anchored in spam and mass marketing, and who are tied to investment scandals. With his almost alternateen good looks, Tom Anderson has served as an exceptionally convincing distraction. The PR campaign is one of MySpace's two strokes of genius, brilliant, but not groundbreaking.
The real genius of MySpace lies in it's re-imagining and repackaging of spam. While most internet users expend time and energy attempting to keep it out, MySpace is spam that they actually invite in.
Ancient History
Internet spam originated as classic, straight-up, unwelcome, in-your-face-and-inbox advertising and marketing. At its worst, it comes from "Nigerian Bankers" and swindlers peddling Viagra, and more likely than not, this early incarnation of spam--we'll call it Spam 1.0--is lurking in your inbox right now. eUniverse, the company that essentially created MySpace, was a pioneer in this field. Headed by CEO, founder, and Chairman Brad Greenspan, eUniverse (now Intermix Media), was a multimillion-dollar marketing and entertainment company known for sites like Skilljam.com, pop-up advertising, unsolicited mass emails, spyware, and the adware behind controversial peer-to-peer file sharing network Kazaa.
Also essential to the creation of MySpace is current CEO Chris DeWolfe, who from October 1999 through March 2001 acted as the VP of Sales and Marketing at Xdrive Technologies, Inc., a company that offered millions of users large amounts of free online storage during the dot-com bubble. The business of "free," while not necessarily a lucrative enterprise for an online file storage company, would prove to be an essential building block of Spam 2.0 and MySpace. As a source close to DeWolfe at Xdrive put it, "DeWolfe learned that people will sign up for almost anything that they find useful, and they could care less about the fine print."
Article here .... http://www.myspacepros.com/forum/showthread.php?t=2715
is facebook safer than myspace???
i can't in my account