IAS Security Hero

Would you send this postcard in the mail?

The front of a postcard with a tropic scene in it.This month we are greeted with an apparently innocuous postcard from the beaches of Hawaii.

The words "Would you send this postcard in the mail?" are emblazoned across the bottom.

When we flip the card over, though, we see a message from Bob to Alice which contains some curious information.

I don't think that Bob would want his Social Security Number, birth date, credit card number and expiration date and his password seen by anyone but Alice.

So, why would Bob send this information on a piece of mail that is totally exposed to anyone who carries it? Every letter handler, every post office hub that this postcard travels through has the potential to read this confidential information during the journey to Alice.

Email is transferred in the same way. It travels through various hubs throughout the Internet before arriving at its final resting place. The email is as transparent as a postcard.

The back of a postcard with various examples of sensitive information, like credit card and social security number exposed.

The difference between email and postcards is that email is processed by computers to determine its route. These computers must look at the date, recipient address and figure out where to send the email next.

A malicious person who controls one of these hubs could intercept emails that contain credit card numbers or social security numbers very easily.

When sending email, think twice about the information you are sending. Is it more appropriate to give this information over a phone call, or in a sealed envelope?

If you need to send this information via email, there are solutions available that will allow you to do so. Please contact Brian Epstein <security@ias.edu> for more information.

Click the images for larger versions of the postcard.