Why eCards, eVites, eGreetings, and such are eVil

There are a number of reasons why people should not send or read eCards and the like. I am hard pressed to think of any reasons why people should send them though. So, how about a list of reasons why you should not send or open them.

 

1) Social Engineering. E-ware, as I collectively call them, teach people to ignore safe computing best practices. Generally when you get an email message from a friend, but the email address is not your friend’s you should just delete the email. What do I mean? Well, if my email address is admin@casalemedia.com, (it’s not) but you see my name with a different email address you should probably delete the email as it usually means that someone is trying to impersonate me. ECards, eVites, and the like put a different email address with your friend’s name. It is a truly bad thing to teach people to trust such contact information. They certainly could put “On behalf of Randy Abrams”, but they are actually actively trying to social engineer people, so they try to make it look like it came directly form me, rather than using the honest approach of admitting it is sent on my behalf. Given the deliberate deception, why was it you trusted them again?

 

The training in how to be a victim of social engineering has been phenomenally successful. The storm worm now uses fake eCards knowing that almost everyone has been trained to be gullible enough to open them. If you send eCards, you teach people to be socially engineered.

 

2) Spam. How do you know that you are not signing your friends up for a spam list when you give their email address to “e” sites? Do you really know enough about the site and its operators to trust them… for your friends?

 

3) It is generally disrespectful. As a rule I do not give anyone’s email address to anyone else without getting their permission first. Most people give their friend’s and families email addresses out to people that they don’t even know without the consideration of asking if it is ok to share the email address first. This is highly disrespectful.

 

I have never used an eCard, eVite, or other such “service” and I won’t start teaching my friends bad computing habits now. I also will continue to have enough respect to only share their contact information in an appropriate manner.

 

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • http://www.SayItWithEcards.com Roz Fruchtman

    Wanting to be respectful of your opinions, I would beg to differ.

    Perhaps FREE eCard services do what you say. I cannot speak for them, but reputable fee-based eCards services “would never” SPAM the recipients of their eCards. IF they did it would give them/the eCards site and their owners a bad name.

    My suggestions would be:

    1) Investigate (look around) the eCards site BEFORE signing up and sending any eCards IF you feel they may not be reputable.

    2) Read the eCards site’s their TOS (Terms of Service). See how they feel about things.

    3) Read the eCards site’s Privacy Policy IF you do not know them or you feel they may not be reputable.

    4) Ask questions – lots of questions if necessary.

    5) See if you can contact the eCards site’s ADMIN / site owner easily. (I will NOT do business with anyone I can’t contact easily. It’s too frustrating. IF you CANNOT contact them BEFORE you give them your money, imagine how it will be after!)

    Even if you know the site’s owner. It is a good idea to familiarize yourself with the rules and integrity of the eCards site.

    I sincerely believe making a blanket statement that ALL eCards are bad is just irresponsible and simply NOT true!

    Roz Fruchtman
    Say It With eCards

    • Randy Abrams

      The problem is that the recipient of the eCard is the one who has to figure out if it actually came from a legitimate eCard site and if the link is actually to an eCard at all. It isn’t a matter of the eCard sites being bad, it is the unsafe computing habits that are practiced by most users when they receive an eCard. The eCard sites themselves are not sending out bad eCards, but criminals have long been sending things that purport to be an ecard and purports to come from someone the recipient knows and then they trick the user into installing malicious software.

  • http://www.SayItWithEcards.com Roz Fruchtman

    Dear Randy:

    Thanks for the response. I appreciate it immensely!

    However, with all due respect as this is your website… I have to strongly disagree with you.

    Scam artists have no idea who your friends, relatives and loved ones are.

    Therefore, IF a person does NOT recognize the name of the eCard sender then YOU ARE ABSOLUTELY correct, they should NEVER click on the link. It’s as simple as that!

    We live in a time of financial challenges for all… We live in a time when everything needs to be done yesterday… eCards satisfy both needs and provide a way for people to communicate “in-the-moment affordably!”

    Thanks again for responding. I was not notified or I would have come over and responded sooner.

    Have a fabulous weekend.

    Roz Fruchtman
    Say It With eCards

    • http://www.smallblue-greenworld.co.uk David Harley

      Roz, I’m afraid you’re missing a point. Malicious messages frequently seem to come from someone you know, either because the address is spoofed or because the system has been infected or compromised without the knowledge of the owner and it really does come from their address, though without their knowledge (this is a common mass mailer trick). The trick is not to mistake trusting the person for trusting the message.

      I don’t think the problem is with eCards, but with email (and other forms of messaging). Because most messaging systems are fundamentally unsafe, it’s all too easy to distribute malicious URLs and attachments in the guise of legitimate files, from legitimate, known senders.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
31 Jul 2007
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.