Thursday, July 05, 2007

Fake Greeting Card E-mails and Sites

In last year's eNews, we ran an article called eCard Sites To Stay Away From. If you go to some of these sites to send a virtual greeting card, you ran the risk of becoming infected with malware.

Normally, when you use sites like AmericanGreetings.com or Hallmark.com to send a virtual birthday, anniversary, etc. to friends or family, the process works like this. You pick a card, create a message, and enter the person's email address. You add your own email address and you can send the E-card. Your friend or family member is notified to pick up the card on the web site via email. They will need to click on a link in the message to see the greeting. Pretty standard stuff.

Recently, phishers have begun to exploit this common service in a new way. You might RECEIVE a fake card with URLs that, when clicked on, take you to a malicious site. The computer can then be infected with malware that attempts to steal information to be used for identity theft.

Most of the real greeting card services give you, in the email notice, the name or email address of the sender. If the message simply says "a friend sent you a card," with no identifying info, as in the above example, DELETE the message without clicking on the link.

No comments: