We have all received them, right? eCards for birthdays, anniversaries or simply as thank you notes. American Greetings, Yahoo and Blue Mountain are some of the big names but there are a large variety of sites that allow one to send personalized greeting cards via email. Typically the recipient clicks on a link in their email and they are taken to the web site where the eCard resides. They are able to view the eCard and then send one in reply if they like.
Well even eCards aren’t safe anymore with regards to data thievery. In this latest scam, CNet reports that cybercrooks are using ecards that appear to come from a secret admirer in order to collect sensitive personal information. The attacks involve e-mail messages that at first glance appear to be greeting cards. Clicking on the link to view the card, however, first sends the target to a malicious Web site that tries to silently install software that logs the user’s keystrokes. After that the card is displayed.
“It is really quick, nobody notices it,” states Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs. “Unless you actually look at the source of the e-mail and say, ‘Hang on, this is a redirect,’ you wouldn’t actually see it.”
CNet goes on to report that this scam utilizes a flaw in Microsoft’s Windows operating system to drop the spy software and a rootkit to hide it on PCs. Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this particular silent drive-by installation of malicious software.
Still my advice to Internet users is to not open anything unless you are absolutely sure of the following, 1.) You know the person that is sending the email, 2.)They have pre-informed you that they will be sending some kind of attachment, 3.) In the case of eCards, make sure it is actually your birthday, anniversary or any other event is actually taking place at that time.
My mom regularly sends me eCards for birthdays and anniversaries. These are easily recognizable and always come from the same source. However, I get many others from people I don’t recognize and have even noticed an increase in this type of activity as of late.
Curiosity prompts me to open them because we all like to get cards, don’t we? But my past experience of having to clean up computers from malicious attacks such as this beats out the inclination to click on the links. So beware! That eCard may contain more then just a simple greeting.