Tagged — Web 2.0 for Phishers?

I received an email this evening from an old work colleague telling me she had posted photos for me on a social networking site called Tagged1. The email struck me as just a touch strange, but couldn’t place my finger on why and decided to click through and check it out.
Tagged Registration PageThe registration page on Tagged made me feel even more strange, asking for information I would normally not share, including my email account password. That request passed my comfort threshold and I quit the Tagged website. I also sent a quick email to the friend who sent me the original Tagged invitation asking her if it was legitimate. 

A little research turned up a mixed bag of information — there were enough blog postings2, online discussions3, warnings on Twitter4, etc. to make it clear that a lot of people have experienced some very bad things in connection with Tagged5, but Tagged also appears to be a legitimate social networking company based in San Francisco. They’ve received venture capital from several sources6. Hitwise ranks them #4 in U.S. Social Networking Sites7. And Tagged even has a partnership with Microsoft8.

While doing this research, I heard back from the friend whose name and email address had been attached to the original Tagged invitation:

“Hi, Kevin. Well, your instincts were right! I got one from a friend, & when I opened it  I had to ‘sign in’ to see the pix, and somehow it sent an email to everyone in my address book!! At least, that’s what I’ve now gathered. Otherwise no obvious software issues, so hopefully it was JUST spam.”

So is Tagged a legitimate business, or the latest phishing scam out to highjack your email? Unfortunately the answer appears to be both.

The bottom line is that Tagged’s practice of accessing the email boxes of it’s registered users had been going on ever since the website went live, and despite consistent and ongoing complaints, the company has not changed that practice. (As I saw for myself today, it’s still happening.) Even if Tagged is going through all the motions of trying to look like a responsible U.S. corporate citizen, if your actions show you to be a spammer and a phisher, then it my opinion you’re no different than the Russian mobsters doing the exact same thing.


  1. I’m not linking directly to the Tagged website from my blog — as you read the rest of this post, you’ll see why. If afterward you still have an urgent desire to hand over your email contacts to Tagged, I won’t be an enabler. []
  2. ConradAskland.com blog []
  3. College Confidential Parent’s Café []
  4. sample Tweet about Tagged []
  5. Consumer Fraud Reporting website []
  6. VentureBeat article, December 17, 2008 []
  7. SocialNetworkingWatch.com []
  8. Microsoft Windows Live Development Blog []

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.