Sign up to our newsletter
The latest security news direct to your inbox
There are a number of reasons why people should not send or read eCards and the like. I am hard pressed to think of any reasons why people should send them though. So, how about a list of reasons why you should not send or open them.
1) Social Engineering. E-ware, as I collectively call them, teach people to ignore safe computing best practices. Generally when you get an email message from a friend, but the email address is not your friend’s you should just delete the email. What do I mean? Well, if my email address is email@example.com, (it’s not) but you see my name with a different email address you should probably delete the email as it usually means that someone is trying to impersonate me. ECards, eVites, and the like put a different email address with your friend’s name. It is a truly bad thing to teach people to trust such contact information. They certainly could put “On behalf of Randy Abrams”, but they are actually actively trying to social engineer people, so they try to make it look like it came directly form me, rather than using the honest approach of admitting it is sent on my behalf. Given the deliberate deception, why was it you trusted them again?
The training in how to be a victim of social engineering has been phenomenally successful. The storm worm now uses fake eCards knowing that almost everyone has been trained to be gullible enough to open them. If you send eCards, you teach people to be socially engineered.
2) Spam. How do you know that you are not signing your friends up for a spam list when you give their email address to “e” sites? Do you really know enough about the site and its operators to trust them… for your friends?
3) It is generally disrespectful. As a rule I do not give anyone’s email address to anyone else without getting their permission first. Most people give their friend’s and families email addresses out to people that they don’t even know without the consideration of asking if it is ok to share the email address first. This is highly disrespectful.
I have never used an eCard, eVite, or other such “service” and I won’t start teaching my friends bad computing habits now. I also will continue to have enough respect to only share their contact information in an appropriate manner.
Director of Technical Education
Author ESET Research, ESET