Update: myZamana President and CEO Ashish Kundra has responded to this article. It has been updated with his comments and clarifications.
Here at Digital Trends, we aim to make sure none of you are getting ripped off, scammed, spammed, or taken advantage of by the vast number of cyber-punks who are out there to screw with your life. So when we heard from one reader about a social networking email scam that’s making its way through the Gmail ecosystem, we had to take a look.
A reader writes:
Hello,
I’m a marketing professional who recently naively accepted an email from myZamana that I thought was a legitimate invitation from a work colleague but turned out to be a scam similar to the one you reported on with SchoolFeed. I’ve been doing some homework on myZamana and have found out who the primary investor is etc. Interestingly, even though I never got a peep of a response from myZamana’s ‘customer service’ contact when they started spamming everyone in my gmail contacts, once I contacted this founder, I immediately heard back from them. I wanted to see if any of your other readers have complained about myZamana because what they are doing is fraudulent and I’m hoping to put a stop to them!
Thanks,
Heidi
You’re not alone, Heidi. A number of Gmail users have reported the same problem with myZamana over the past few months. Let’s take a closer look.
The culprit
MyZamana bills itself is described as “an online Indian dating service with modern ideas and methodologies” by Crunchbase. Founded in 2008, the company is based in Boston, MA, and is run by its president and CEO Ashish Kundra, according to its business profile on Bloomberg Businessweek. A search on WhoIs turns up little — the site has a private registration through 1&1, a Web hosting company. As of this writing, the site claims to have 6,556,957 users.
A quick perusal through the site, however, suggests that very few (read: any) people have ever used the social network on purpose, let alone for “dating.” Once you create a profile, you are greeted by a lame “Hot or Not” rip-off functionality, which immediately screams “SPAM!”
If you go to click on a “user’s” photos, the site automatically prompts you to upload photos of yourself, or — even better! — connect with the site via Facebook, and your pictures will simply be imported into myZamana. Please, don’t ever do this.
Now, if you try to actually connect with any of the people in those pictures, a pop-up window then informs you that, actually, you have to cough up between $10 and $35 for access to the website. All it needs is your credit card information and BAM, sweet lovin’ will be comin’ in your way. (Not.)
If you’re still not convinced about the risks involved with myZamana, I suggest you check out its privacy policy, which is full of little gems like this:
“Under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or members may abuse or misuse your information that they collect from our Websites. Accordingly, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personally identifiable information or private communications will always remain private.”
Yikes… Update: In an email, myZamana President and CEO Ashish Kundra expressed to me that highlighting this single section of the privacy policy is “a bit unfair.” And I agree — the very top of the myZamana privacy policy states that, “With regard to your information, you own all of it and we will not share or sell it to any third-party.”
“Let me be clear — we do not sell or rent any information,” wrote Kundra. “We keep our users’ private information private, bottom line.” This is good policy, and I was wrong to leave it out. See more of Kundra’s response below.
The problem
The problem with myZamana is not the site itself as much as it is the company’s email-hijacking practices, mentioned by Heidi. Here’s what happens: You receive an email that appears to be from someone you know — that’s the name listed as the sender. Inside, a message reads, “[Your friend] has sent you a message.” Below that is a green, hyperlinked button that says “Read Message.” You are told to fill out a user profile first, then you’ll be able to see the message.
This is a classic phishing scam tactic, and one of which many users these days are aware. However, because the myZamana email appears to have been from someone you know, it at least seems legit. It’s not.
What happens next is the worst part of the whole thing, and is the reason Heidi emailed us. By clicking the link and signing up for the site, you have effectively given myZamana access to your Gmail contacts list. From there, the company apparently spams your entire contact list with emails that appear to have come from you. And if anyone you’ve emailed with does the same, the problem starts all over again, for eternity.
The solution
If this happens to you, this is what you need to do: Change your Gmail password. (See instructions for doing so here.) We haven’t seen any evidence that myZamana accesses your Gmail login credentials. But given then sketchy nature of the site, prudence is highly recommended.
The most likely problem here is that by signing up for myZamana, you added the site to your list of approved sites in Gmail, which would give it access to your contact list. To revoke its access, sign in to Gmail, then click your profile picture in the top-right corner of the window. Click Account, then Security (left column), then Edit button “Authorized Applications and Sites.” Find myZamana, click “revoke access,” and you should be rid of this pesky site for good.
We have contacted myZamana about this story, but have not yet heard back. We will update this space with their response if we do.
Update: myZamana responds
Soon after publication of this article, myZamana President and CEO Ashish Kundra emailed me with a few points that he believes were initially misrepresented here. “First,” he wrote, “myZamana is not a dating service, it’s a social network (the Crunchbase description was not written by us).” He adds that myZamana “initially launched as a traditional dating site,” but the company has “since evolved the site a great deal.” Given myZamana’s look, features, and functionality, I fail to see how it is anything other than a dating site. But if Kundra wants to describe it as a “social network,” so be it.
Further, Kundra says that myZamana has “a lot of active users that really enjoy using the site,” but that this “may not be immediately evident to users outside of Asia,” where, he says, the majority of active myZamana users reside.
Finally, he says that myZamana uses a “freemium” model, and that it is possible to use the site without paying to do so. He says that I “could have messaged those users for free without paying! (assuming I didn’t hit the daily limit for free accounts).” In fact, I wasn’t able to message a single person, though I admit that it’s possible I overlooked some functionality.
As for the issue of myZamana accessing users’ Gmail contact lists, and sending out emails using those users’ names — which, as I explained above, is the only real problem with myZamana — Kundra had no response. I have asked him for clarification on this, and will update with any response I receive.
people that bloody join this website are desperate! PYSCHOES! YOU dont send me or my husband any desperate people looking for husbanb or wife!
sounds like facebook… .“Under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or members may abuse or misuse your information that they collect from our Websites. Accordingly, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personally identifiable information or private communications will always remain private.”
Yikes…
Dear Ahshish – why am I still receiving spam from myZamana – despite unsubscribing! What a scam!
If you get a spam from myzamana then you should complain to abuse at linode.com. They are currently the service provider and it is up to them to suspend any spamming client. All the emails I have seen come from m1.myzamana.net through to m10.myzamana.net and currently resolve to:
m1 -> 173.230.154.240
m2 -> 173.255.240.199
m3 -> 173.255.223.252
m4 -> 173.255.240.170
m5 -> 173.255.250.36
m6 -> 96.126.102.252
m7 -> 173.255.220.187
m8 -> 173.255.223.145
m9 -> 173.255.249.24
m10 -> 173.255.252.223
Include the headers from your email and keep hassling them.
Hi Andrew — I’d like to respond to your article point by point. I think you might have been mistaken on a handful of things.
First, myZamana is not a dating service, it’s a social network (the crunchbase description was not written by us). Though we initially launched as a traditional dating site, we’ve since evolved the site a great deal. Our users communicate with new people they meet on the site, as well as friends they already knew before joining the site. Our invitation tool enables the latter.
Second, we have a lot of active users that really enjoy using the site. This may not be immediately evident to users outside of Asia (since this where most of our users reside), but on a daily basis, we have a lot of users coming back to use the site to chat with friends and meet new people.
Third, the site operates on a “freemium” model. Users may choose to pay to access premium features (like contacting more than 3 new users per day), but even without paying, users can (and do) get a lot out of the site (like chat, seeing who’s viewed your profile, viewing pictures, etc.). In your example, for example, you could have messaged those users for free without paying! (assuming you didn’t hit the daily limit for free accounts)
Fourth, your privacy policy quote was a bit unfair, because you left out the line that immediately followed your quote and completed the paragraph: “As a matter of policy, we do not sell or rent any personally identifiable information about you to any third party.”. Let me be clear — we do not sell or rent any information. We keep our users’ private information private, bottom line.
Happy to answer further questions.
So… where are YOUR contact details then Ashish?
How does one of your victims pry their email address from your crafty grip?
Ashish,
If your company is aboveboard, why is it that I still keep getting emails from you after ‘unsubscribing’? Speaking of which, I was only able to ‘unsubscribe’ once as the other times, clicking on the ‘unsubscribe’ link brings me back to the registration page to set up a profile. I also tried contacting your company and when I was about to submit my question/comment, I was asked if I wanted to just delete my profile (of which I have none) instead of submitting my question/comment. I clicked ‘yes’ anyway hoping to rid this pest once and for all and was again brought back to the homepage where I was encouraged to set up a profile to proceed further.
I suggest you stop harassing the majority of us. We do not want anything to do with your company!!! PEST.
Hi Judess,
You should email linode.com with your email headers and your circumstances, particularly the unsubscribe function not working. They apparently have a ZERO tolerance for spam yet don’t appear to be doing anything to stop this from coming from their servers.
Ashish – In your comment you state you do not rent or sell any private information about subscribers to your website. Well if you do not sell or rent the information, then you obviously make it freely accessible.
You conclude your response above with ‘Happy to answer further questions’ – Well then please answer this – How do you justify your website ‘spamming’ the complete contacts list of your ‘unwilling’ subscribers – who have unfortunately been fooled by missing some hidden clause contained within the structure of myzamana’s sign up process (i assume extracting away the illegality of what you are actually doing), and make these mails appear as if they have been sent by the owner of the ‘infected’ gmail account.
It’s bad enough you steal peoples private contacts information, but even worse still is that you then continue to ‘spam’ their contacts hidden behind a veil pretending to be a person the receivers of your poison actually trust. SHAME ON YOU!!!!
I received two emails from someone called “Martin” (of course I don’t know anyone with such name) to my site’s email address, not gmail. I didn’t click on View Message and never went on their site. If they were to start emailing my business partners it would be absolutely devastating.
This also looks like a new twist because this is not gmail, but email at my domain and is only used for work purposes. I never had interaction with someone called “Martin” so it would be interesting to know how they got hold of my email.
I will go send an email to Linode now as I am not sure what to expect.
Blendr is another site, it seems owned by the same person (Ashish Kundra), it behaves in exactly the same way. I got mails from both of them.