Just say NO to Quechup

I've been had. Hoodwinked. Sadly and inadvertently I may have brought you into the mess. There is a new service out there called Quechup (I will not link to it) which is posing as a legit social network. It is NOT.

This all started when I received an invite from a trusted friend. Somebody whom I respect and admire, but the email came (unknown to me) without his consent. Here is how this new scheme works. On a number of sites from Twitter to LinkedIn, you can log in to your Gmail, Yahoo or Hotmail address book to see if any of your contacts already use the service. Normally, they just show you who has joined already and let you connect with them. This Quechup site did the same thing except they SPAMMED my entire contact list! What the hell is up with that?

I am sorry and totally sick about falling for this stupid trick. Their site is horrible and obviously run by people who either don't know how this works or are just unethical in their handling of data.

Here are steps you should take to make sure this does not happen to you:

• Do a Google blog search and Technorati search before you sign up
  
• Do not use your Gmail, Yahoo or Hotmail login unless you 100% want the people in your contact list to be contacted for whatever you are logging in for (even if you trust the company)
  
• Even if you trust the person you are getting an invite from, follow up with them and ask if it's legit
  
• Give every invite at least 48 hours before you jump in
  

I will be following these steps and I hope you do too. If you got an invite from me, please send it to the trash and accept my heartfelt apology. Just say no to these jerks.

P.S. If anybody from Google, Yahoo or Microsoft reads this you should look into blocking their API access since they're violating your agreements. If you know anybody at these companies please feel free to pass this post to them.

[Update:] Lots of people got hit with this thing in the past day. To report these jerks to the services they're using to scam people you can do the following:

• Google: Send an email about their scam to code-hosting@google.com and be specific to their URL and what they did wrong.
  
• Yahoo: Complete this form stating your Yahoo ID and other pertinent info
  
• Federal Trade Commission: Fill out this form to report them to the FTC
  

If you find another option to report them please leave a link in the comments and I'll add them here.

Technorati Tags:
saynotoquechup

Comments

You can follow this conversation by subscribing to the comment feed for this post.

Hey Matt,
No worries - this could have happened to any of us! Glad you did the post though - services that pull that need to be stopped. I can't imagine they'll be doing it for much longer!

Pat

Posted by:Patrick Schaber | Saturday, September 01, 2007 at 04:09 PM

Hey Pat -- Thanks for the comment. I hope somebody shuts them down. They definitely don't deserve to stay in business doing things like this.

Posted by:Matt Dickman | Saturday, September 01, 2007 at 04:20 PM

Hey Matt,

200% with you on this one. I know at least 4 friends who experienced the same problem. This is NOT acceptable indeed. Thanks for this post. I think it is the best thing to do.

Posted by:Luc Debaisieux | Saturday, September 01, 2007 at 04:46 PM

I'm sure you didn't relish the experience of getting this Quechup spilled on you, but I'm glad you're exposing them for what they are. They'll disappear soon, like a bad condiment stain.

Posted by:Steve Woodruff | Saturday, September 01, 2007 at 07:52 PM

Thanks for the heads-up! I received 5 or 6 e-mail invites to this soc-net. For once procrastination paid off. I had not checked it out before I got your e-mail alerting us to the situation. Same thing happened w/ a service called Spock, and the e-mails came from trusted sources (as they did this time). Glad you're publicizing the issue.

Posted by:Connie Reece | Saturday, September 01, 2007 at 11:13 PM

Luc -- It's totally unacceptable. I hope enough people see this and become aware of the scam.

Steve -- I hope they disappear as well my friend. At least I have a forum where I can warn others and save them the embarrassment.

Connie -- Procrastination is a great thing! I wish I had disconnected myself for the weekend so I would have been spared, but at least I can share what I know. Too many people are being too liberal with their use of our data. One of the downsides of the open API Web2.0 movement.

Posted by:Matt Dickman | Sunday, September 02, 2007 at 01:08 AM

Q is beyond horrific on how they went about this. Not only is it not disclosed in their TOS, but it is totally against the Google API TOS. Report them. I did, we all need to. Let Google pull their ability to access our data - and maybe the rest of the email services (Yahoo, etc.) will follow suit.

Posted by:Lynette Young | Sunday, September 02, 2007 at 08:31 AM

Lynette -- Thank you for the comment. I've added links to the abuse reporting options I can find. If you know of any more please let me know in the comments here.

Posted by:Matt Dickman | Sunday, September 02, 2007 at 09:05 AM

Matt: Sorry for your pain. My warning is posted here: http://tinyurl.com/2le28v

Posted by:Lori Magno | Sunday, September 02, 2007 at 12:33 PM

Lori -- I'm glad you're helping to spread the word. I keep getting more and more angry when I think about just how sneaky this really is. Trust is gone.

Posted by:Matt Dickman | Sunday, September 02, 2007 at 03:25 PM

hey matt ,good points to remember when encountering
invites to any "new"social networking .

I jumped in feet first , when I recieved my invite.

It will be a lesson learned .

johnpiercy

Posted by:john piercy | Sunday, September 02, 2007 at 03:34 PM

John -- I'm sorry it got you too, but thanks for the comment. I generally jump right in to these things as part of my blogging to bring people the latest/greatest. In this case I just hope I can do a little to prevent others from having to go through the same thing.

Posted by:Matt Dickman | Sunday, September 02, 2007 at 03:39 PM

Hey, don't feel too bad. Hugh @ Gapingvoid also jumped in feet first and later posted on it. You did a good job of explaining what happened *and* giving people a way to report the incident. The most frustrating part is often lack of control -- and with your suggestions people can do something.

I'm a laggard and ponder joining new networks for weeks ;-) In this case, by that time the network could be gone already. Sometimes slow pays off.

Posted by:Valeria Maltoni | Sunday, September 02, 2007 at 10:08 PM

Same thing nearly happened to me (email from trusted source, thought it might be a genuinely interesting site), but I get very antsy when someone wants my password for another service. After finding the link to skip that step, I looked up the name on Google, and saw how much mud they've managed to drag their name through.

Another tip: if you get any emails from them via gmail, yahoo or similar, click on the 'mark as spam / junk mail / bulk mail' whatever options.

Posted by:Yanpa | Monday, September 03, 2007 at 03:58 AM

Valeria -- I am definitely adding a cooling off period to anything new that I join unless it is verified by a trusted source via a trusted medium (email + phone/twitter). Slow paid off for you indeed!

Yanpa -- I think most of us have become so used to giving out our information that social traps like this one are easy to fall into. I did a search too late, but you're right report them as spam since that's all it is. Thanks for the comment!

Posted by:Matt Dickman | Monday, September 03, 2007 at 10:57 AM

Matt,

I am so sorry you had to experience this. Thank you for sharing. I am so nervous about all the invites I receive to try this and that, that I don't try any of them. And my world seems to be spinning just fine.

Posted by:Lewis Green | Tuesday, September 04, 2007 at 10:28 AM

Lewis -- Thanks for the comment and I'm glad it did not hit you too. I think if you follow the steps I outlined you should be good. I am seeing a drop in trust already across my listening outposts.

Posted by:Matt Dickman | Tuesday, September 04, 2007 at 02:46 PM

Tough experience. That and others has made me much more skeptical about accepting invites from anyone.

Posted by:Roger von Oech | Thursday, September 06, 2007 at 11:26 AM

Roger -- Thanks for the comment. This should make us all a little more skeptical or at lease more cautious. There are, unfortunately, a lot of sneaky marketers out there giving the rest of us a bad name.

Posted by:Matt Dickman | Friday, September 07, 2007 at 10:37 AM

Thank you for the warning, Matt. I did sign up but fortunately, I did not give them any address book details (just as a matter of policy). I cancelled my membership a minute ago—I can’t support Quechup’s behaviour.

Posted by:Jack Yan | Sunday, September 09, 2007 at 09:24 AM

This is still going around as of 14 September 07. When it got to the "check your address book in Yahoo" page, I looked for the security lock icon, and hey, waddayaknow? Not there. I couldn't find a "skip this" button, so cut/pasted the home page url. The pictures there gave me the wilies, and when my friend told me he didn't do it, I quit. So I escaped the Big Spamming.

Gotta look for that lock icon before entering any personal info.

Posted by:Zeth | Saturday, September 15, 2007 at 03:21 PM