Don't be an accidental spammer!

Posted by Caitlin on June 22nd, 2009

An article in Saturday's New York Times highlights a common practice among websites with a social networking element. It's called contact scraping, and it occurs when the website prompts you to enter an email address and password. Then, all of your contacts receive emails inviting them to join the site.

Michael Argast, a security analyst for Internet security company Sophos, says that this practice is not new, but has become increasingly popular in the last three to six months. He explains that, "There are multiple shades of gray. Some social networking sites, like Facebook, are pretty straightforward in asking if you want to share information about your friends. Others are far less scrupulous."

The article's author describes her own experience with Tagged, a photo-sharing website. She received emails from two different contacts, requesting that she click to view photos they had posted on Tagged. When she clicked through, Tagged prompted her to enter her email address and password before viewing the photos. But as it turned out, there were no photos for her to view, and now the original email had been sent to all of her contacts. By taking advantage of the exiting connection between the author and her contacts, Tagged successfully increased its user population. The spam email asked recipients, "Is Alina your friend?" and discouraged them from disregarding the email by adding, "Please respond or Alina may think you said no," and including an image of a frowning face. The founder and chief executive of Tagged claims that a software glitch caused these unintended emails to be sent, but other websites have also been known to contact scrape without explicit permission from the user. The Times article mentions MyLife.com and DesktopDating.net.

The author acknowledges that unlike more nefarious spam, this is merely annoying and embarrassing. But in general, it is important for Internet users to be more vigilant regarding their email addresses and contact lists. Even when a social networking site clearly asks whether the user wishes to invite his or her contacts, many people aren't paying enough attention to notice this.

Whenever any website requests your email address and password, consider the consequences before blithely turning over this information. It may be used to spam your friends, or it may be saved and used to access your other personal data, putting you at risk for identity theft.

To avoid recieving unwanted emails like this, consider Internet security software that includes a robust spam filter. And to avoid unintentionally sending them, or exposing sensitive information that could be used against you, do not supply your name and password for a site such as Yahoo or Google to a third-party site, and don't use the same username and password for multiple websites.

• How do I login to my Identity Guard account?
• How to recover from a lost or stolen iPhone
• Vonage begins testing exciting new contact management and calling features
• Data Breach Alert: City website exposes firefighters personal information
• Data Breach Alert: Over 10 million eBay Korea users impacted in massive hack