Evite as a means to do nasty things (to your computer)

I received an ‘evite’ today (my very first, btw) from someone I had never heard of before. I didn’t click to “RSVP” but it dawned on me that had I clicked, I might have inadvertently allowed my computer to download something evil (I think). I looked at it in much the same way I do attachments from sources I don’t know/trust, i.e. never open them.

Am I right? Can someone either use ‘evite’ directly, or mimic its appearance, to get me to click on something I would regret (beyond a zillion, one-time, pop-up ads)?


My experience has been that “evites” are reliable and that the website doesn’t download viruses/malware to your computer, at least for official evites through evite.com. That said, it’s always possible for someone to put up their own website that pretends to be the “evite” website, which may do bad things to your computer. Just make sure the URL is through “evite.com” or another reputable source (not sure if there are competitors in this field).

Couldn’t it be coupled with a URL spoof? If so, I’d then be clicking, effectively, on another site/page,no? I suppose, given the popularity of evites, it’s only a matter of time. I mean it’s a great way to fool people into forgetting about not clicking on “the unknown”, isn’t it.

You can make up an email to look like it’s from any company. I’ve gotten them “from” Bank of America, Amazon, eBay, PayPal, Wachovia…all you need is a copy of an actual email from one of those places to compare to, and you’re in. You can even direct link to images on the real site.

You can send email from anything@anything.com. Some spam filters will catch it because header entries don’t match up, but it’s not a given.

Spammers/phishers/spoofers like to make their links go to, say, www.evite.com.myspamsite.com or www.evitie.com or something like that. People see the www.evite.com part and assume it’s legit.

So you’ve got an official-looking email from an official-looking address with actual official images, and a partially correct-looking domain saying “CLICK HERE!”. Very tempting to click.

Send out enough of these things from a big enough site/company and you’ll end up sending to lots of actual customers/users of the site. That makes it even more tempting to click.

So yeah, it can happen to evite, it can happen to anyone.

I even saw a fake e-mail from some bank that said “Protect yourself from e-mail scams. Please confirm that code 1234 appears at the bottom of this e-mail.” Sure enough, code 1234 was down there. :slight_smile:

Before I started using GMail, I set things up so that the mail reader would not let me click on a URL. That way I had to retype or copy/paste the URL and this is the only way to be sure you’re going where you want to. (In GMail, I right-click and copy the link location, then paste that).

I read about evites that the company that provides them as a “free” service harvests the email address of people who use them to sell to spammers. There is a particular trick in play, too, called a “web bug”. It is a tiny little graphic that is only one by one pixel. But, if you use the evite (including responding to one), your pc downloads the web bug as part of the page, and something about this distinctively shows them you are responding to the email, making your own email address more valuable to spammers.

I think I butchered this a little, but I did decide not to respond to any evites after reading about them a couple years back.

Most mass emailers (Constant Contact, Mail Chimp, etc) include a 1x1 transparent gif in their emails to track “opens” as a feature. The senders can then see who has opened the email they sent.

The code would be like…

<img width="1" height="1" src="http://mailservice.com/viewtracker.php?userid=12&newsletterID=70202&email=someone@domain.com">

Opening up an email with that code in it would hit a php page called viewtracker and the sender’s user ID, the newsletter’s ID and the email address of the recipient would be tracked.

You can thwart the tracking by not allowing images to display in your email program, whether it be Outlook, Thunderbird, GMail, Hotmail, etc.

But, it’s not uncommon for a tracking image to be in an email newsletter. In fact, most mass emailers would be useless if they didn’t do this, as the whole point of sending out newsletters is to see who’s opening them.

Unfortunately, while it’s a very good thing for legitimate companies wanting to do successful email campaigns, the same technology can be used by spammers to verify that addresses exist. That’s why using the Preview Pane on your email application can be a bad thing, if you don’t turn off images and you view spam before deleting it.

The fact that evite uses this technology is not nefarious on the surface, but if they cull the addresses and sell them then it is a bad, bad practice. Then again, they are undoubtedly storing your email address when someone sends you an evite whether you open the email or not, or reply or not, so they’ve got your info anyway. Collecting information on whether or not you viewed and whether or not you responded is actually good information to supply to the account holder…but once again, bad news if they are sending it to third parties.

Whether or not they do send to third parties is something we may never know, but that might be how a free service like evite makes its money. (not to say that this is a very nice way to make money, or that I approve of it)

Zipper JJ and Napier: Funny you should mention that. When I tried to forward the “evite” e-mail to our IT people, I was “warned” (either by Windows itself or the virus checker, I’m not sure which) that in order to do I would have to “download content from a server other than (my) e-mail server”. So, even more reason for me to have declined. Of course, this means either that Evite does what you are describing, or it was, indeed, a spoof.

Weren’t there any other images in the email? Could be that your mail client was viewing images remotely (like from http://website.com/image.jpg) and wanted to embed/attach the images on forward. This doesn’t indicate that anything bad was going on, or that the email was illegitimate.

Can you forward the email to my username at yahoo dotcom? I’m curious to see it now. Don’t worry about infecting me with anything, I’m good :slight_smile: