The New York Times has a good article cautioning people to be careful what sites they give their e-mail addresses, as that can lead to their contact lists being scraped for friends’ e-mail addresses.
That’s when I started doing everything wrong. I obligingly typed in my e-mail address and a password to see those photos. Well, the photos didn’t exist, but I had unwittingly given the site “permission” to go through my entire e-mail contact list and send a message to everyone, inviting them to see my “photos.”
I found this out only when I started receiving e-mail back from people agreeing to be my friend. I quickly realized what had happened and shot off an apologetic message explaining why I inadvertently spammed them. […]
This wasn’t along the lines of someone stealing my bank account information or Social Security number, but I was annoyed and embarrassed.
“They’re using your good name to establish a connection,” said Peter Cassidy, secretary general of the Anti-Phishing Working Group, a nonprofit organization with representatives from law enforcement, industry and government. […]
Instead, this is generally called contact scraping. Once you enter your credentials, like your user name or password, the company sweeps through your contact list and sends everyone an invitation to join the site.
How do the companies benefit? They are expanding their user population, [Michael Argast, a security analyst,] said, which they can use to attract potential investors or advertisers. Whether those users are willing participants, or people like me, is another question.