1-8-11 Hodgepodge

Saturday, January 08, 2011

A Quick PSA

Martin Lindeskog warns against a scam site called "Shoppy Bag."

Let me add a warning of my own. I'd call this a phishing attack. [Update: Shoppy Bag's deceptive practice resembles phishing in some ways, but is not actually phishing.] I received a couple of emails out of the blue, supposedly from two people I know through blogging, only one of whom I have ever actually corresponded with. The emails claimed I'd been photo-tagged at a new, shopping-oriented social networking site. (I know both people to be participants in other social networking services.)

I decided to see whether this was the case and -- without first stopping to search "Shoppy Bag" -- clicked to see whether someone had posted a photo of me. As soon as I saw that I'd have to give my email address and its password (!) to proceed any further, I stopped right there and did the search I should have done before.

I am pretty sure that my account was not compromised, but in the process of learning about Shoppy Bag, I became concerned that, under certain conditions, it may be possible for an email account to be compromised simply by clicking through as I did. (Shoppy Bag logs on to such accounts and rifles through contact lists to generate new "invitations" to prospective members.)

If you receive email from (or about) Shoppy Bag, I recommend reporting it as a phishing attack. In GMail, you can do this by selecting the message and then the "Report phishing" option from the dropdown menu accessible from the arrowhead to the right of the "Reply" option.

Furthermore, if you click through such an email (or actually join Shoppy Bag), you should re-secure your account. Here is the protocol for GMail users.

Finally, learn from my mistake and search any unfamiliar entity that sends you email before you do anything else.

Weekend Reading

"We are not 'addicted' to oil any more than we are addicted to the myriad values it makes possible, like fresh food, imported electronics, going to work, or visiting loved ones." -- Alex Epstein, in "The Six Myths about Oil" at Fox News

"The real battle for capitalism is the battle over the question: Is it moral to pursue our own happiness?" -- Yaron Brook and Don Watkins, in "Can Arthur Brooks Beat Back Big Government?" at Forbes

"[W]hile Obamacare is suppressing genuine marketplace competition for medical services, it is also spurring a more sinister facsimile of competition - for political favors." -- Paul Hsieh, in "Best Health Care Political Pull Can Buy" at The Washington Times

"While the GOP's expressions of respect for the Constitution are a welcome change, they are not enough." -- Paul Hsieh, in "Will the GOP Walk the Walk on the Constitution?" at PajamasMedia

"A serene person is not passive and helpless, but also isn't a 'control freak.'" -- Michael Hurd, in "Is It Good to Feel Good?" at DrHurd.com

Three More from the Holidays

While I was unplugged over the holidays, Don Watkins pointed to several good holiday-themed pieces. Alex Epstein's take on New Year's resolutions, which I think I've read before, is especially worth your while.

From the Vault

Hah! I thought about this very subject just last night. Today, a year ago, I blogged about how much I like my silk thermals. They do indeed make all the difference up here during the winter.

On the subject of cold weather, I came up with an interesting analogy as I went to pick up pizza with my brothers in northern Mississippi, where it had snowed the day before, on Christmas. (It covered the ground nicely that day, and was already mostly gone.) I was explaining how gross snow gets when it never goes away and just sits there, accumulating grime for days and weeks on end, especially on roadsides and curbs.

"Southerners like snow the same way northerners like warm weather."

-- CAV


: The Shoppy Bag scam although deceptive, is not actually phishing, as a commenter points out. Added update to first section.


Brian said...

I think you are confusing phishing with address book import. ShoppyBag doesn't ask for your Google account password and doesn't fake Google page, so by reporting it as "phishing", you mistrain the algorithm. Google's phishing prevention is meant to protect accounts' security, which isn't compromised by using OAuth-like access.

Gus Van Horn said...


I picked up the notion that this was phishing from a comment thread, but you caused me to check on the definition of phishing and see that, while there is a similar use of deception to attempt to gain access to sensitive information, there is no masquerading on Shoppy Bag's part as a "trusted" web site.

Thanks for speaking up.