(11/19/2002) Could it be?! Those innocent, fun electronic greeting cards have a dark side? Are ruthless companies really trying to take advantage of our kindness toward others.
SAMPLE CHAIN LETTER TEXT
FYI, Just In Time For The Holidays: Those cute
little electronic greeting cards you occasionally get from friends may be a real problem.
The ones I'm speaking of are those where there's a link that says "[Some Name] has sent you a greeting card. Go here to get your greeting card".
There's a new card company called "FriendGreetings.com". When you get a card notification from them and click on the link, it will take you to their site. You will be notified that you have to install an ActiveX control in order to view the card. When you begin to install, the first thing that pops up is what is known as a "EULA" (End User License Agreement). It is very long, and you will not read it. They're counting on that. When you scroll to the bottom of it and click "Accept," you have agreed to the terms of the EULA.
Part of what you will have agreed to is to have monitoring/spyware software installed on your computer which will periodically report a vast array of data back to the card company. The other part that you've agreed to is to have the software send mail to EVERY SINGLE ADDRESS IN YOUR ADDRESS BOOK.
In short, you've voluntarily agreed to install a virus-type product on your machine. This is not a good thing.
Since there is no virus in the email, and since you're VOLUNTARILY agreeing to install the ActiveX component, VIRUS CHECKERS WILL NOT CATCH THIS.
Just a reminder: DO NOT OPEN EMAIL ATTACHMENTS when you are not expecting them, and DO NOT RUN ANYTHING FROM THE INTERNET WHICH REQUIRES A EULA AGREEMENT.
Contact me with questions.
Jim Willingham, CFCE
Denton County Criminal DA
(Contact details removed by BreakTheChain.org)
END CHAIN LETTER TEXT
Another, much shorter version credits a cable technology network with warning of even more dastardly uses of e-greetings. Unfortunately, many mistakenly associate this warning with the FriendGreeting.com warning.
SAMPLE CHAIN LETTER TEXT
Tonight on Tech TV they warned us not to open e greeting cards. Some popup porn but others install a key logger on your computer. It sends everything you type to a website. Thus it can get your paswords, credit card numbers etc. Be very very careful about opening e-greetings.
END CHAIN LETTER TEXT
Basically, the claims above are true, though somewhat exaggerated. And, FriendGreetings.com (misidentified in some versions as "friend.com" or "FrendlyGreetings.com) is not the only web site using e-greetings as a front for collecting e-mail addresses for spamming purposes. E-greeting services survive on traffic and many have used various tricks to gather subscribers and generate page hits. FriendGreetings.com was just the first to go from simple, clever trickery to virus-like information retrieval - and probably not the last. Though it is morally questionable, such practices are legal, especially when done with the consent of the user. They are simply exploiting most people's lack of attention to detail.
The FriendGreetings.com case has brought much-needed attention to the possible pitfalls of using third-party services and web sites to stay in touch. Why should you have to give your e-mail address and those of your friends and family to some web site to do what you can do from your own e-mail program? Sure the graphics are cute and the animation is cool, but do you really need all of that to say "hi?"
Not every site that asks you to give e-mail addresses to send something on your behalf, or automatically tries to install a program, has evil intent. Many sites (BreakTheChain.org included) offer easy, convenient and safe ways to send articles or links to friends and family without collecting e-mail addresses or sending unauthorized mail. There are also many legitimate applications that web sites will ask you to install to enhance your visit.
What is required to protect yourself is due vigilance. You don't need to avoid every "Tell-A-Friend" form or EULA you see, but you should read the fine print and make sure you understand what will be done with the information you provide. Always read the terms of service, privacy statements, license agreements and other disclaimers on a site before providing e-mail addresses or responding to an invitation that you weren't expecting. This is your responsibility as a user of the site.
Of course, forwarding chain letters like the ones above to everyone you know also provides a potential way for spammers to collect e-mail addresses (from the messages' headers), so in this case, the cure can be as bad as the disease. Break this chain.