The latest attempt to get into people’s webmail accounts is from a group Shelfari. Apparently set up as a service to help your friends learn about new books to read. They do this by getting you to give them your webmail account’s password so they can look to see if any of your friends are also members of Shelfari. In reality, Shelfari.com sends spam masquerading as you to everyone in your webmail’s Address Book.
See other reports of this behavior at:
I have blacklisted email from shelfari.com to my servers, as a complaint I filed there a few days was blatantly ignored and they did it again, emailed one of my addresses another “invite” to join.
Reminder: Never ever ever give your webmail account information to a third party.