Don’t Give Out Your Gmail Password. Ever.

Written by: Peter Jalbert on Wednesday, March 26th, 2008
Posted to: Gmail, Safety, Security

Time and again I have received different email invitations to join a social networking site, social bookmarking site, or an online classmates/alumni directory. Indeed, I have signed up for some of the major, legitimate ones. I have met existing friends through these services. And I have also made new friends along the way. However, my general rule of thumb would be to say “no” whenever I get invites like these. By saying “no,” I actually mean ignoring the emails. For all you know, these services will steal information from you.

The premise would be simple. You’re sent an email asking you to sign up for this latest online service or such. Then you go through the usual sign-up process. Then as a final step, you are asked to key in your Gmail username and password, presumably so that the system can scan your Gmail contacts and automatically get in touch with everyone for an invitation from you.

Guess what. The moment you do this, the system already knows your password, and who knows what malicious things its operators could do with your account. In a few seconds, the system would, in all likelihood, have spammed your entire contact list asking them to sign up and be your friend. Then all those gullible enough would do so, giving their own account details in the process.

As they say, it’s not so much the email (whether Gmail or other) password loss that is important, but the data or information that might have been contained therein, and also the trust of the people in your contact list.

It’s called social engineering. And it can come in many forms. As long as there are people gullible enough to blindly say yes without any questions asked, these scammers will continue thriving in the online world.

Take for instance G-Archiver, or what used to be G-Archiver (no link here, because Google might consider it badware). The promise is simple. It will back up your entire Gmail account onto your local computer, so you can access data even when offline, and so you are assured your email will not get flushed down the drain in the rare event that Google dies.

Never lose another message - backup Gmail messages and you’ll have a stored copy on your computer in the event of Gmail data loss incidents.

However, the problem here is that the programming of the software lets Gmail info leak out into unscrupulous hands. The authors themselves admitted this, though I think they are not entirely inculpable of the mistake.

Here’s a good discussion of the perils of G-Archiver. And there are countless other similar applications, like tagged.com, Yaari, and the like, whose main intent would be to phish for information.

So again, the rule of thumb here is that you should never, ever give out your Gmail or any other email password.

That is, unless it is for what you know is a legitimate use. For example, you use your Yahoo! login for Flickr, and you use your Gmail login for AdSense. In those cases, the use is authorized. Still, there’s the likelihood of malware authors spoofing sites, but that’s another story.


3 Responses to “Don’t Give Out Your Gmail Password. Ever.”

  1. Appauled on 11 Apr 2008 at 4:53 pm

    Do people really still fall for this? Who doesn’t get that you just don’t share your password? Maybe a duh warning will go off for some people… What makes you think it is ok to give your gmail password to a non-gmail webpage?

  2. fyc on 18 Apr 2008 at 12:24 am

    What Gmail needs is a remote key (like FriendFeed uses) so you can give that to apps that require limited information from your account.

    Or you can export your address book and import it into whatever app ‘needs’ your Gmail account details.

  3. David B on 02 May 2008 at 6:33 pm

    If people want a local backup of their Gmail it’s a simple matter of enabling POP (on Settings, Forwarding tab) and selecting ‘Keep Gmails Copy in Inbox’. Or they can set it to Forward a copy to another mail address and Keep the copy.

    In the second case, they’d get everything. In the first case, they get everything left in the inbox not yet downloaded. So you could clean out the misc stuff first, depending on how they had the email client set up to check.

    Don’t have another email account? Get another free one for backup.

    Great site - will have to explore…
