‘Dating service’ myZamana will infiltrate your Gmail and spam your friends

Update: myZamana President and CEO Ashish Kundra has responded to this article. It has been updated with his comments and clarifications.

Here at Digital Trends, we aim to make sure none of you are getting ripped off, scammed, spammed, or taken advantage of by the vast number of cyber-punks who are out there to screw with your life. So when we heard from one reader about a social networking email scam that’s making its way through the Gmail ecosystem, we had to take a look.

A reader writes:

Hello,

I’m a marketing professional who recently naively accepted an email from myZamana that I thought was a legitimate invitation from a work colleague but turned out to be a scam similar to the one you reported on with SchoolFeed. I’ve been doing some homework on myZamana and have found out who the primary investor is etc. Interestingly, even though I never got a peep of a response from myZamana’s ‘customer service’ contact when they started spamming everyone in my gmail contacts, once I contacted this founder, I immediately heard back from them. I wanted to see if any of your other readers have complained about myZamana because what they are doing is fraudulent and I’m hoping to put a stop to them!

Thanks,

Heidi

You’re not alone, Heidi. A number of Gmail users have reported the same problem with myZamana over the past few months. Let’s take a closer look.

The culprit

MyZamana bills itself is described as “an online Indian dating service with modern ideas and methodologies” by Crunchbase. Founded in 2008, the company is based in Boston, MA, and is run by its president and CEO Ashish Kundra, according to its business profile on Bloomberg Businessweek. A search on WhoIs turns up little — the site has a private registration through 1&1, a Web hosting company. As of this writing, the site claims to have 6,556,957 users.

A quick perusal through the site, however, suggests that very few (read: any) people have ever used the social network on purpose, let alone for “dating.” Once you create a profile, you are greeted by a lame “Hot or Not” rip-off functionality, which immediately screams “SPAM!”

If you go to click on a “user’s” photos, the site automatically prompts you to upload photos of yourself, or — even better! — connect with the site via Facebook, and your pictures will simply be imported into myZamana. Please, don’t ever do this.

Now, if you try to actually connect with any of the people in those pictures, a pop-up window then informs you that, actually, you have to cough up between $10 and $35 for access to the website. All it needs is your credit card information and BAM, sweet lovin’ will be comin’ in your way. (Not.)

If you’re still not convinced about the risks involved with myZamana, I suggest you check out its privacy policy, which is full of little gems like this:

“Under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or members may abuse or misuse your information that they collect from our Websites. Accordingly, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personally identifiable information or private communications will always remain private.”

Yikes… Update: In an email, myZamana President and CEO Ashish Kundra expressed to me that highlighting this single section of the privacy policy is “a bit unfair.” And I agree — the very top of the myZamana privacy policy states that, “With regard to your information, you own all of it and we will not share or sell it to any third-party.”

“Let me be clear — we do not sell or rent any information,” wrote Kundra. “We keep our users’ private information private, bottom line.” This is good policy, and I was wrong to leave it out. See more of Kundra’s response below.

The problem

The problem with myZamana is not the site itself as much as it is the company’s email-hijacking practices, mentioned by Heidi. Here’s what happens: You receive an email that appears to be from someone you know — that’s the name listed as the sender. Inside, a message reads, “[Your friend] has sent you a message.” Below that is a green, hyperlinked button that says “Read Message.” You are told to fill out a user profile first, then you’ll be able to see the message.

This is a classic phishing scam tactic, and one of which many users these days are aware. However, because the myZamana email appears to have been from someone you know, it at least seems legit. It’s not.

What happens next is the worst part of the whole thing, and is the reason Heidi emailed us. By clicking the link and signing up for the site, you have effectively given myZamana access to your Gmail contacts list. From there, the company apparently spams your entire contact list with emails that appear to have come from you. And if anyone you’ve emailed with does the same, the problem starts all over again, for eternity.

The solution

If this happens to you, this is what you need to do: Change your Gmail password. (See instructions for doing so here.) We haven’t seen any evidence that myZamana accesses your Gmail login credentials. But given then sketchy nature of the site, prudence is highly recommended.

The most likely problem here is that by signing up for myZamana, you added the site to your list of approved sites in Gmail, which would give it access to your contact list. To revoke its access, sign in to Gmail, then click your profile picture in the top-right corner of the window. Click Account, then Security (left column), then Edit button “Authorized Applications and Sites.” Find myZamana, click “revoke access,” and you should be rid of this pesky site for good.

We have contacted myZamana about this story, but have not yet heard back. We will update this space with their response if we do.

Update: myZamana responds

Soon after publication of this article, myZamana President and CEO Ashish Kundra emailed me with a few points that he believes were initially misrepresented here. “First,” he wrote, “myZamana is not a dating service, it’s a social network (the Crunchbase description was not written by us).” He adds that myZamana “initially launched as a traditional dating site,” but the company has “since evolved the site a great deal.” Given myZamana’s look, features, and functionality, I fail to see how it is anything other than a dating site. But if Kundra wants to describe it as a “social network,” so be it.

Further, Kundra says that myZamana has “a lot of active users that really enjoy using the site,” but that this “may not be immediately evident to users outside of Asia,” where, he says, the majority of active myZamana users reside.

Finally, he says that myZamana uses a “freemium” model, and that it is possible to use the site without paying to do so. He says that I “could have messaged those users for free without paying! ([I] didn’t hit the daily limit for free accounts).” In fact, I wasn’t able to message a single person, though I admit that it’s possible I overlooked some functionality.

As for the issue of myZamana accessing users’ Gmail contact lists, and sending out emails using those users’ names — which, as I explained above, is the only real problem with myZamana — Kundra had no response. I have asked him for clarification on this, and will update with any response I receive.