Warning: greeting card emails may include a nasty surprise
By Julie King | July 5, 2007
It is touching to receive a greeting card from a friend or loved one. But some of the greeting cards currently circulating online may touch your computer in ways you won't like.
At CanadaOne we have recently received several greeting cards that appear to come from Hallmark. Most of the links in the email even go to the legitimate Hallmark website.
However, when you scroll over the most important link in the message - the one that takes you to the alleged greeting card - you should notice that this link is different. Rather than pointing at Hallmark.com, the link goes to an external website, in this case www.themusicnetwork.co.uk.
This is just one example of many attempts of "phishing", which basically means convincing someone to click on a link they shouldn't so that the person sending the message can collect personal information, get into your bank account or in this case, to install software on your computer that can then be used for illicit / illegal purposes.
To protect yourself, it is important to understand why these schemes work so well. The people behind them use social engineering - in otherwords they play with your emotions - to convince people to do things they should not.
In this particular example, the person who sent the email realizes that people enjoy the special feeling that comes when you receive a greeting card. With the legitimate links to the Hallmark site they put in enough "cover" to trick many people into endangering their computer by running the executable file.
The bottom line is that it is important to be extremely careful when receiving email that appears to come from a legitimate sender. Check each link carefully before you click on it; warning signs include:
A numeric address
A combination of strange numbers and/or letters at the beginning of the link
(http://3s7354hjg/ebay.com/ is one that we've seen)
A site address that differs - even slightly - from the correct address
Addresses from foreign countries
(http://b6pilot.hk/ is another one we received recently )
It is critical for all Internet users to understand that you cannot assume that the link written out in the email is the same as the actual link. What looks like a safe text link may be a great risk.
For example, we recently got several false notices that appeared to come from RBC (see below). The link written out in the email looked normal, but when you placed your mouse over the link it began with a numeric address.
Recent email received from the sender "Royal Bank of Canada (Online security Services)":
In this example, www.royalbanks.com was included later on in the address to make it look legitimate. The information at the beginning of the address, just after http://, is the most important thing to watch.
These threats are not new. Nor are they likely to go away soon. Some basic knowledge and a diligent attitude are what you need to you protect yourself and your computer online.
If you enjoyed this article, be sure to visit CanadaOne's article knowledge base for more informative articles.