Greeting card scams, that count on your curiosity to see who is sending something to you and know what the card says, are now one of the most common methods organized crime uses to distribute malware onto computers according to a Panda Securities Q2 2009 report.
Tthis scam plays to human nature – the desire to be acknowledged, and curiosity about the sender.
Learning to spot and avoid these scams is easy to do and will spare you the grief of getting malware.
Test Your Skills
You should be able to find at least eleven red flags that tell you this e-mail is fraudulent. If you find all six, you’re a pro with little to worry about. If you find fewer than four, consider practicing on some more of our spam scam examples.
Here are the red flags that show this email is a scam:
- The first red flag is provided by the email service. If you see a notification at the top of the email from your service provider, pay attention. It means the service, in this case Hotmail, has recognized that the sender is someone they do not recognize and consider this suspicious enough to warn you with the notice in the yellow bar. If you see a red bar across the top it means the service feels the risk is extreme.
- While the company is legitimate, the email address isn’t. The actual company is 123greetings.com, not .biz. You can look up a company by searching on their name using a browser to find out if it exists. In this case, when you type in 123 greetings the first option is for the legitimate site, and the McAfee Site Advisor marks it as safe with a green checkmark.
Typing in 123greetings.biz shows a warning by Norton Security that the site contains a variety of malware.
- The sender does not know who you are. If someone actually sent you an e-card the company would know your email alias and address the email appropriately.
- There is an attachment the sender wants you to download.
- If the email were legitimate, it would be addressed to you personally.
- A real company would indicate who sent you the card, not simply say ‘your friend’. This tactic though has two merits for the scammer. The first is they don’t have to correctly guess who might be a friend of yours, the second is it builds your curiosity, because you’ll be wondering who sent it and be more inclined to click and find out.
- Hovering over the URL in this email shows you that the actual address is www.freebwebtown.com/ihopeyoudie/ecard.exe. If the company were 123 greetings, the URL would indicate 123greetings, not ‘freewebtown’. The name of the specific card you are to receive is named ‘ihopeyoudie’ – very charming. And if you look at the format you will see it is not a website at all, it is actually an .exe, or executable file meaning it downloads and executes (runs) a program on your computer, which is, of course, infected with malware waiting to steal your information and wreak havoc on your computer.
While curiosity in this case won’t kill the cat, it will seriously sicken your computer and compromise your information.