Most security-savvy users are aware of the problems with electronic greeting cards, which may contain malicious software. Like almost all emails that I receive with a subject containing “FW:” (forward), I delete all greeting cards (eCards) that I receive, even those from Mom.
If you’re like me, you warn your friends and family about the dangers of emailed greeting cards (they just aren’t worth the risk). But what about the other issue with greeting cards?
When someone sends you a greeting card, she has to enter your email address into the eCard website. Think about it: your friend graciously provides your email address to a third party.
I read the privacy policy of a couple of eCard websites, and none of them mentioned that they collect the email address of the person to whom you send the card; they only mention the information they collect regarding the sender. Did they just forget that important piece of data?
The same issue exists whenever you see an “email this to a friend” link, like those on news, job, and other sites. Beware.
ITauditSecurity 