07.02.07

Beware Greeting Card Emails

Posted in IT, Phishing / Scams, Security at 5:57 pm by Tyler Reguly

In the past 24 hours I've received multiple "greeting card emails" telling me to visit the website and view my greeting card. Here are a couple of points for people to keep in mind when receiving e-cards.

  1. 99% of the time, the e-card email will contain the name of the person who has sent you the e-card. If the email contains phrases like "an e-card from a mate" or "a worshiper has sent you an e-card", it's most likely not a valid email.
  2. The link in a legitimate e-card email will appear as a valid domain name. This doesn't mean you can automatically trust domain names, but you should instinctively delete any email where the link appears as an IP address (dotted-decimal notation, such as 1.2.3.4).
  3. The sender address will be either the address of the person sending the card or a generic address from the company providing the e-card. If you see an address such as abc123@randomletters.com.tr, the e-card is a scam.

Now let's take a look at a real e-card from E-Cards.com vs a malicious e-card spoofing E-Cards.com.

Valid E-Card

Tyler Testing

reply-to Tyler Testing 

to ht@xxx.org
date Jul 2, 2007 6:36 PM
subject E-CARD from Tyler Testing
mailed-by e-cards.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Greetings!

Tyler Testing has sent you an E-Card -- a virtual postcard from
E-Cards.com. You can pickup your card at the E-Cards.com website.

-> If your e-mail is hot-link enabled, click here:
http://cards.e-cards.com/pickup/pickup1.pl?code=xxxxx

-> You may also point your web browser to: http://www.e-cards.com/
Then, visit the card pickup page and input your pickup code:
xxxxx

Your E-Card will be available for 15 days from the sending date.
To keep your E-Card accessible indefinitely, you may want to join
"My E-Cards" -- an option to do so is provided in your E-Card!

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^    Save trees. Learn about wildlife nature and the environment.
^^^          Generate an advertising sponsored donation.
^^^^^  Every E-Card sent helps support wildlife and the environment!
%
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Malicious E-Card

From: E-Cards.Com [mailto:ngz@dostbilgisayar.com.tr]
Sent: Monday, July 02, 2007 12:21 PM
To: Tyler Reguly
Subject: You've received a greeting ecard from a mate!

Good day.

Your mate has sent you a greeting ecard from E-Cards.Com.

Send free ecards from E-Cards.Com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep
the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or
copy & paste it into your browser's address box.

http://xxx.209.67.xx/?XXXX

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at
http://xxx.209.67.xx/

Your ecard number is
XXXX

Best wishes,
Mail Delivery System,
E-Cards.Com

I haven't visited the links in a secure VM to see where they point, so I don't quite feel comfortable providing the links on this page. If anyone wants the links, they can feel free to contact me.
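The three checks listed at the top of this post, written as a small triage script (an added example, not part of the original post). The phrase list, the finding labels and both sample messages are constructed for illustration; 192.0.2.10 and the `.example` addresses are placeholders, and the script assumes a single-part plain-text message.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: word list built from the two generic phrases quoted in the post.
GENERIC_SENDER = re.compile(r"\b(?:a|your)\s+(?:mate|worshiper)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$")  # e.g. "e-cards.com"

def ip_literal_links(text):
    """Return URLs whose host is an IP address rather than a domain name."""
    hits = []
    for url in URL.findall(text):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # not an IP literal, or an unparseable URL
            continue
        hits.append(url)
    return hits

def check_ecard(raw):
    """Apply the post's three checks to a single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    if GENERIC_SENDER.search(f"{msg.get('Subject', '')}\n{body}"):
        findings.append("generic-sender")        # check 1: no named sender
    if ip_literal_links(body):
        findings.append("ip-literal-link")       # check 2: link is an IP
    name, addr = parseaddr(msg.get("From", ""))
    brand, addr_domain = name.strip().lower(), addr.rpartition("@")[2].lower()
    # Check 3: display name claims a company domain the address is not in.
    if (DOMAIN_LIKE.match(brand) and addr_domain != brand
            and not addr_domain.endswith("." + brand)):
        findings.append("brand-name-address-mismatch")
    return findings

# Constructed samples modelled on the two messages in the post.
VALID = ("From: \"Tyler Testing\" <tyler@sender.example>\n"
         "Subject: E-CARD from Tyler Testing\n\n"
         "Tyler Testing has sent you an E-Card.\n"
         "http://cards.e-cards.com/pickup/pickup1.pl?code=xxxxx\n")
MALICIOUS = ("From: \"E-Cards.Com\" <abc123@randomletters.example>\n"
             "Subject: You've received a greeting ecard from a mate!\n\n"
             "Your mate has sent you a greeting ecard from E-Cards.Com.\n"
             "http://192.0.2.10/?XXXX\n")
```

`check_ecard(MALICIOUS)` returns all three findings and `check_ecard(VALID)` returns none; as point 2 says, a clean result only means none of these signs were present, not that the link can be trusted.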


2 Comments »

  1. LonerVamp said,

    July 3, 2007 at 12:02 am

    Man, I got a few of those the other day. I had to give them a good look-see since I know some of my family members have, in the past, sent e-cards like this. Naughty stuff… :\

  2. numerophobe said,

    July 3, 2007 at 12:46 am

    The interesting thing about this is that I got one of these on my birthday :)

    Absolutely brilliant.
