AppyLover2
Well-Known Member
Before you know it, your inbox will begin filling with Halloween cards that say "boo", followed by Thanksgiving cards with dancing turkeys, and Christmas e-greetings with singing reindeer. All of these cards may not bring warm and fuzzy good wishes.
Over the summer of 2007, the flood of messages announcing electronic greeting cards containing malicious software became prolific enough to warrant an FBI alert. The alert, posted in mid-July, warned against fraudulent e-cards sent via spam.
"Like many other Internet fraud schemes, the perpetrators claim the card is from a family member or friend. Although there have been variations in the spam message and attached malware, generally the spam directs the recipient to click the link provided in the e-mail to view their e-card. Upon clicking the link, the recipient is unknowingly taken to a malicious web page," the FBI says.
One widespread attack that probably played a part in prompting the FBI's cautionary statement occurred around July 4. In this case, the messages were disguised as Independence Day greetings, and included subject lines like "Celebrate Your Nation" and "American Pride on the 4th".
Since the FBI alert was released, it is estimated that over 300 million fraudulent messages have been e-mailed to unsuspecting recipients. Their subject lines typically say that the recipient has received a greeting card or a postcard from an unnamed friend, family member, or secret admirer. When the e-mail is opened, the recipient is directed to click on a link to a web site. After the link is accessed, a virus, spyware or adware is downloaded to the recipient's computer. In other cases, just opening the e-card announcement will prompt malicious software to download.
At this point, one of several unpleasant things might happen. The virus might search your computer for personal and financial information and then send it to the perpetrator of the attack. It might corrupt your computer, causing it to become unusable or to crash completely. Pop-up ads may open; adult web sites might launch. It might seek to proliferate itself by sending everyone in your address book a fraudulent e-mail and other types of spam. Or your computer may be turned into a zombie machine that helps attack other computers.
In an interesting twist, some of the perpetrators even ask permission to install the malicious software on your computer by using an End User License Agreement. These agreements are the fine print that almost none of us bother to read, but simply agree to automatically.
How do you defend your computer against attacks like this? Be cautious about all e-mails you receive that announce the arrival of a greeting card. If the message is from someone unnamed and generic, such as "A Relative" or "A Friend", you can consider it very suspicious. Don't open it. Beware of unknown senders.
If the message names the sender specifically and you know that person, it's probably safe to open the card. Even if you know the sender, don't open e-cards that come with attachments.
Large e-card companies have responded to the fallout from this onslaught of malware by tightening security. Some have begun forcing e-card senders to include their first and last names on their cards so recipients can open them with a greater degree of comfort.
For a time, e-card use slowed. Now the public has become savvier about the e-card risk, and the number of attacks is currently decreasing. With the coming of the busy holiday season, this may change. If you receive a malicious e-card, please file a complaint at www.ic3.gov.
Over the summer of 2007, the flood of messages announcing electronic greeting cards containing malicious software became prolific enough to warrant an FBI alert. The alert, posted in mid-July, warned against fraudulent e-cards sent via spam.
"Like many other Internet fraud schemes, the perpetrators claim the card is from a family member or friend. Although there have been variations in the spam message and attached malware, generally the spam directs the recipient to click the link provided in the e-mail to view their e-card. Upon clicking the link, the recipient is unknowingly taken to a malicious web page," the FBI says.
One widespread attack that probably played a part in prompting the FBI's cautionary statement occurred around July 4. In this case, the messages were disguised as Independence Day greetings, and included subject lines like "Celebrate Your Nation" and "American Pride on the 4th".
Since the FBI alert was released, it is estimated that over 300 million fraudulent messages have been e-mailed to unsuspecting recipients. Their subject lines typically say that the recipient has received a greeting card or a postcard from an unnamed friend, family member, or secret admirer. When the e-mail is opened, the recipient is directed to click on a link to a web site. After the link is accessed, a virus, spyware or adware is downloaded to the recipient's computer. In other cases, just opening the e-card announcement will prompt malicious software to download.
At this point, one of several unpleasant things might happen. The virus might search your computer for personal and financial information and then send it to the perpetrator of the attack. It might corrupt your computer, causing it to become unusable or to crash completely. Pop-up ads may open; adult web sites might launch. It might seek to proliferate itself by sending everyone in your address book a fraudulent e-mail and other types of spam. Or your computer may be turned into a zombie machine that helps attack other computers.
In an interesting twist, some of the perpetrators even ask permission to install the malicious software on your computer by using an End User License Agreement. These agreements are the fine print that almost none of us bother to read, but simply agree to automatically.
How do you defend your computer against attacks like this? Be cautious about all e-mails you receive that announce the arrival of a greeting card. If the message is from someone unnamed and generic, such as "A Relative" or "A Friend", you can consider it very suspicious. Don't open it. Beware of unknown senders.
If the message names the sender specifically and you know that person, it's probably safe to open the card. Even if you know the sender, don't open e-cards that come with attachments.
Large e-card companies have responded to the fallout from this onslaught of malware by tightening security. Some have begun forcing e-card senders to include their first and last names on their cards so recipients can open them with a greater degree of comfort.
For a time, e-card use slowed. Now the public has become savvier about the e-card risk, and the number of attacks is currently decreasing. With the coming of the busy holiday season, this may change. If you receive a malicious e-card, please file a complaint at www.ic3.gov.
