Leo: This relates to the popular social planning website, Evite, and Evite invitations for parties, meetings, and other special events that are emailed out by friends and families. These emails contain a link which the recipient must open in order to view the detail of the invitations. My understanding is that there is no other way to view these details unless you are registered with Evite (I am not), in which case you can go directly to the Evite website to see the information. My family and I receive several Evite invitations each month from our friends. Usually, we (and probably most other people) click on the Evite link without a second thought. Lately, however, more and more of these friends of mine have had their email addresses spoofed or accounts hacked. In addition, you and others have warned us to be very careful about clicking on links in emails. Taken all together, it seems like opening Evite links is riskier than we think. Your thoughts?
In this excerpt from Answercast #24, I talk about the issue of clicking on links in email and suggest ways to keep your email safe.
Become a Patron of Ask Leo! and go ad-free!
Email accounts hacked
First of all, Evite is a reputable service and a reputable company and I believe I’m actually registered with them, too.
The issue is that, yes, email accounts are absolutely getting comprised at a relatively high rate.
It’s kinda scary, but it is not due to for example Evite. It’s actually due, I believe, to other things:
- People falling for phishing attempts.
- People not having good passwords and so forth.
Now, that being said, Any service that you register with, if their database is compromised, then yes; all of a sudden, your email address is out there. It’s potentially stolen by spammers for them to, not so much send email from you, but rather to send you more spam and more phishing opportunities.
Don’t click on suspicious links
So the general rule of thumb for links in emails still holds:
- The rule of thumb isn’t: don’t click on links.
- The rule of thumb is: don’t click on links that you aren’t sure of, that you aren’t certain are appropriate.
Evite falls into the “Appropriate” category for me… but make sure that’s where it’s going.
If you’re not sure, if you’ve got an Evite account, don’t click on the link. Instead, go to the service’s website and login manually there. Supposedly everything that’s been sent to your email address will show up in your account with that service.
That’s the whole idea behind not clicking on links in emails.
Security on websites
Like I said, there’s not really much that’s in your control when you sign up for various services. They then have your email address and that does get put into their database, which they presumably are keeping an appropriate level of security on.
Naturally, we hear periodically of databases being compromised and email addresses being stolen. That’s an argument for using different email addresses for different purposes.
- Sign up for Evite with a different email address.
For any service for which you’re not 100% certain, signup with a different email address; what we tend to refer to as a “throw-away” email address. Then, if something were actually to happen to that specific email address, you can just stop using it without there being too high a cost.
Finally, spoofing: email that gets sent looking like it’s from you.
- You don’t have to have signed up for anything for that to happen!
All that has to happen is to receive some spam, or have something that looks like a common email address. Spammers are always grabbing email addresses from wherever they can.
Posting on websites has been, for example, one popular way for scammers to pick up valid email address. They then not only send spam, but also use those email addresses as the fake “From” addresses on emails that they send.
But in short, as long as you understand that the service that you are connecting to:
A) is the one that you think it is and
B) is a reasonably reputable service (I believe Evite falls into that category)
…then yes, it’s a fine thing to click through.
Next from Answercast 24- How do I clear system information off an old system drive?