It’s one of those questions that just never seems to go away….”Who has blocked me on [insert your favorite instant messenger program here]?” My answer is short and sweet – you can’t know, you’ll never know, and your contacts have their right to privacy. That last bit alone is enough to generate quite a heated debate as I recently found out – but I’ll spare you the details. More importantly – trying to find out who has blocked you can compromise your computer’s security and infect you will all kinds of malware and viruses you never imagined – and it’s not going to yield any accurate information.
For years, I’ve told people to stay away from block-checker websites. Back in November, Christopher Boyd wrote on SpywareGude to beware of a block checker file that you can now download. It’s a new spin on the websites that have stolen credentials for some time. AIf you install MSN Block Checker you will be infecting your machine with Mob.Blockcheck – take a look at it’s behaviors and I’m sure you’ll decide you don’t really want it on your machine. Also referenced in this detailed post are 3 previous posts about other online sites claiming to tell you who’s blocked you and phishing scams aimed solely at getting you to reveal your login credentials. Just this week, the well known Raymond.cc blog posted on an email that appears to come from one of your contacts and leads to a site asking for your login info to determine who has you blocked. I probably don’t need to tell you the email is a phishing scam. The friend from whom it comes has probably had their login stolen. The Raymond.cc post also includes very good information on what to do if you believe your login credentials have been compromised.
Many users don’t practice good security online – using the same login and/or password for multiple sites and services. Being compromised may mean there is a lot more at risk in such cases. Phishers and hackers are quite happy to share their payloads with each other. Many people wrongly assume that because they run an antivirus or malware scan and it comes up clean they are not at risk and/or have not been compromised. FALSE! Until the advent of the “downloadable” file previously mentioned, most of this phishing was done online. It’s true many of these sites also dump malware or crapware on your machine as a bonus – but the real problem is when the credentials are entered online. It’s hook, line and sinker for the phisher. They have what they need. All those annoying IM’s and emails going out to contacts will most likely be happening from a remote server. All the antivirus and malware scans in the world aren’t going to stop it from happening. Following the advice on what to do when you’ve become compromised becomes paramount if you want to stop the problem (and I assure you – your contacts would really appreciate it if you do.)
Knowing if you’ve been blocked is obviously tempting (or the phishers wouldn’t be doing so well with it now would they?) I have never heard of a block checker that works, doesn’t infect your machine or steal your credentials. Ask yourself this. Why does a site need your login credentials to determine if someone else is online? Doesn’t make a lot of sense does it? You have to ask yourself – is it really worth it to find out? There are options. Email the person and ask if they are not communicating for a reason. While slightly subversive, you could create another identify and see if the person will add you as a new contact. If you can see them online with one identity and not the other, then you are likely blocked. Of course, that’s only as good as getting the person to accept some unknown new contact on their list (and if they weren’t mad at you before they may be after you do that if they figure it out.) Send them an IM – perhaps they just aren’t showing online, but will actually answer you. Or, you could just be adult about it – accepting that someone is showing offline to you for whatever their own personal reasons may be. Whatever your choice – stay away from the block checkers. They don’t work and the risks are far greater than the reward (or lack thereof).