Malware Piggybacks on Greeting Card (E-card) Spam

Here we go again. Cyber-criminals just won’t quit (but you know that), - so get ready for another round of greeting card spam email.

Along with all the other crap spam emails I get every day, in the last few days, I’ve noticed a resurgence of that old familiar stand by used by the bad guys – the e-card spam scam.

This is not a new type of scam, or even a new approach to scamming. In the last year alone, email inboxes have being swamped with similar scamming emails from fraudulent sites like Greetings.com, and 2000Greetings.com, amongst others.

This time around, the domain name being used by these scammers is Greetingcard.org, the legitimate site of The Greeting Card Association, a greeting card industry trade association. This organization makes no bones about it when it says on it’s website “We do not publish cards, nor do we have an e-card pick up. If you receive an e-card notification from our association, it is fraudulent and should be deleted”.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our curiosity. Let’s face it, we are all pretty curious creatures and, who doesn’t like surprises. I think it’s safe to say, we all love to receive good news via email greeting cards. The bad guys know this, and count on it to great effect.

What to watch for:

In this scam (like so many other e-card scams), the body text of the message urges you to click on an embedded link so that you can see the greeting card. However, clicking on this link will lead to malware being installed on your computer.

According to The Greeting Card Association, a legitimate e-card notification will always include the full name or personal e-mail address of the sender. Furthermore, the sender will never be identified by a generic term such as a “friend” or “family member”; terms that are frequently used in fraudulent e-card scams.

Unless you recognize the full name or personal e-mail address of the sender, the e-mail is quite likely fraudulent, and you should obviously delete this message.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date. If you’re unsure if your computer is adequately protected, then checkout - “Need Free Security Programs? – 10 Of The Best!” on this site.

To help you keep ahead of cyber criminals, visit Scambusters.org, where you can get all the latest information on Internet Scams, Identity Theft, Internet Fraud, and more.

From the Scambusters.org website:

Don’t Get Scammed!

Many scammers are very cunning, so being smart is NOT enough to protect yourself. Every day smart subscribers thank us saying they would have been scammed if they didn’t subscribe to ScamBusters.

Don’t take a chance. Subscribe FREE to ScamBusters, a public service and the #1 publication on Internet fraud.