I just got a new email designed to trick me into going to a website (and possibly installing spyware) – this one designed to look like one of those “you have received an on-line greeting card” emails…
Al at sent you an e-card
“Inspired Note” from greeting-cards.com!
There are 3 ways to view the e-card.
1-Simply click the link below.
2-Copy and paste the link above into your browser’s address window.
3-This is your e-card code: n-yWKyqwg3wP
Go to link removed. Scroll down to the “e-card pickup”
window. Just enter the e-card code and click “go”. For best results, copy
and paste the e-card code.
Hope you enjoy our e-cards! Spread the love and send one of our e-cards!
Brought to you by link removed – a better way to greet!
How did I know it was a scam? Here’s how:
- If someone had really sent me a greeting card, it wouldn’t be addressed “Dear Somebody”
- The links to the website actually map to 22.214.171.124, not the website given (which further investigation indicates to be a single PC on the POL.CO.UK ISP run by Energis) – more than likely one of many infected by a trojan to become part of a botnet sending these out and serving up spyware to its unwitting victims
- The e-card code given doesn’t match the one in the URL
- The second line doesn’t make sense: “Al at sent you an e-card”
- Getting into the mail headers – they’re faked to make it appear it was sent by a CompuServe account – not likely for a POL.CO.UK user, or an on-line card company
However, I’ll admit this one was so good I almost fell for it. It sailed right through my mail server’s checks – I didn’t click through it – but it didn’t immediately scream out to me “Danger”.
I’ll investigate a bit more when I’m at home (and can do so using Lynx – a text-only browser running on my Linux machine) – but if you follow the rules for staying safe, you will… Remember:
- Never click a link in an email, ALWAYS cut and paste to your browser or even better, retype it
- If when you hover your mouse over the link, the address in the status bar doesn’t match – be very wary, especially if it’s numeric!
- Read the email and think about the wording – “Dear Somebody” isn’t a greeting from a friend
- Keep your firewall, antivirus software and spyware scanner up to date, and use them frequently.
- If you’re not protected by all 3 types of software – you’re not protected at all. There’s plenty of free stuff available; however, I chose to pay – I use Norton Antivirus, Adaware (registered edition) and the Windows XP firewall in conjunction with a hardware firewall. If you don’t have a strong hardware firewall, get a decent software one.
- Even with all this protection in place, stay vigilant – things can still slip through the protection you have (this one did, although I’ll be amending the anti-spyware rules on my mail server later to trap this one)
- Don’t use Internet Explorer – I don’t know the details of which exploit this nasty was going to use to install itself – but IE is far more vulnerable to this kind of thing than Firefox or Opera (or for that matter Safari on the Mac)
- Keep your PC up to date – Service Packs, Patches, Windows Updates, Antivirus and AntiSpyware definitions all need to be updated. Use “autoupdate” features and check they work.
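The link checks described above (a displayed address that doesn’t match the real target, a numeric host, an e-card code that doesn’t appear in the URL) can also be run automatically over a message body, for example as a mail server rule. The Python below is an added example, not part of the original post; the sample message, host name, IP address and e-card codes in it are constructed.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the real message: placeholder host, test-range IP, fake codes.
SAMPLE_HTML = """<a href="http://192.0.2.10/view.php?id=k-Qz81LmT0pXa">http://www.cards.example/view.php?id=k-Qz81LmT0pXa</a>
<p>3-This is your e-card code: n-AbCdEfG1234</p>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def check_email(html):
    """Return sorted warning strings for one HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    code = re.search(r"e-card code:\s*([\w-]+)", html)
    warnings = set()
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if is_ip(host):  # numeric address instead of a name
            warnings.add(f"numeric host: {host}")
        # Does the visible text itself look like a web address?
        shown = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and shown.group(1).lower() != host:
            warnings.add(f"text shows {shown.group(1).lower()}, link goes to {host}")
        if code and code.group(1) not in href:
            warnings.add(f"e-card code {code.group(1)} is not in the link")
    return sorted(warnings)
```

Calling `check_email(SAMPLE_HTML)` reports all three problems for the constructed message; a message whose link text, target host and code agree returns an empty list.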
Stay safe out there folks – the criminals are getting more sophisticated – you need to be wise to their tactics to stay safe and not become the owner of another zombie PC sending this stuff to others.
There is a real greeting-cards.com, and it is, in all likelihood, a legitimate on-line business – however, this post is intended to bring your attention to the fake emails being sent in their name, and no doubt in the name of other similar services.