How in the hell is this not illegal?


GF gets an email purporting to be from one of her friends who sent her a private message through Faniq.com.

she [stuipdly] clicks the unsubscribe link at the bottom of the email, and she's taken to a page saying she's been unsubscribed. she closes her browser.

everybody in her address book gets an email/text with the same bullshit about her sending them a private message...it sounds like everybody in her address book gets a total of three emails/texts. assholes.


1) how is this not illegal?
2) can anything be done about it.


more info:
http://community.ca.com/blogs/securityadvisor/archive/2009/03/26/faniq-spam-technique-to-invite-new-customers.aspx (although my gf didn't get do most of the stuff in this article, she just clicked an unsubscribe link.)
http://salaswildthoughts.blogspot.com/2009/01/fan-iq-spam-or-virus.html

7/20/2009 12:22:20 AM

omg, spam and phishing are illegal. that's how we'll get them.

7/20/2009 1:06:45 AM

its phishing. bitch all you want govt doesnt care. you wanna do something about it, give me 5 mil and another 5 to all the white hats out there.

seriously i dont unsubscribe to shit. if i dont want it, i flag it as spam.

7/20/2009 1:18:29 AM

Quote :

"seriously i dont unsubscribe to shit. if i dont want it, i flag it as spam."

exactly.

clicking an unsubscribe link only serves to confirm to the spammer that the address in question is valid, and therefore can be sold for more money.

7/20/2009 1:20:29 AM

^ i'm well aware of this (an the gf is now too :beatup

i can see her getting some increased spam as a result of her actions...but grabbing your address book and spamming that takes it to another level. but i guess it's "legal" huh.

7/20/2009 9:26:47 AM

from the discription in the first link it looks like its 100% stupid user. It asks for the user's google account creds in order to get their address list. While it is shady as hell to spam a bunch of people using your address book, its definitely not a virus and i wouldn't even call it phishing.

On the page where it asks for gmail creds it has a checkbox labeled invite everyone on my contact list. The term phishing and social engineering generally mean using a human as the weakpoint in order to circumvent some security measure. In this case the application gives clear notice that its going to send something to everyone in your contact list. Options like that being checked off by default are nothing new.

tl;dr: nothing here thats even remotely close to illegal. Annoying? sure, but its only an issue for lazy users.

[Edited on July 20, 2009 at 10:51 AM. Reason : l;]

7/20/2009 10:49:46 AM

hell, the emails even observe proper etiquette by using a correct from address with the faniq.com domain making it easy to block by sender address or sender domain

7/20/2009 10:53:34 AM

Quote :

"It asks for the user's google account creds in order to get their address list. While it is shady as hell to spam a bunch of people using your address book, its definitely not a virus and i wouldn't even call it phishing."

Perhaps you didn't fully read my post. She never even went through that whole process...

Quote :

"she [stuipdly] clicks the unsubscribe link at the bottom of the email, and she's taken to a page saying she's been unsubscribed. she closes her browser."

that's it. she attempted to unsubscribe, and all her contacts were emailed/texted as a result.

7/20/2009 12:46:21 PM

It doesn't work like that. Without a cross site scripting vulnerability or some really really specific malware, theres no way for it to get her gmail contacts. She had to have put her credentials in at some point.

7/20/2009 1:13:54 PM

It was yahoo, and she didn't put her credentials in. But yeah, it seemed strange to me too.

7/20/2009 1:19:30 PM