En español | We're into another season for salutations, with upcoming weddings, graduations and homage from the kids for Mother's and Father's Day. It's a time for online e-cards promising heartfelt good wishes — close to 500 million of the cards are sent each year.
See also: Viruses, trojan horses and worms.
Sad to say, many people will discover there's a "con" in the electronic congratulations.
Fake notifications for e-cards are a common and often successful means by which scammers trick you into letting down your defenses. You click on a link that will supposedly take you to a greeting, but instead the link unleashes a malicious program that turns your computer into a spam-sending "botnet" or gives cyber-crooks remote access to your online bank accounts and passwords.
Several successful campaigns of malware-spreading emails have been sent en masse with a fake "@hallmark.com" address. One was traced to Eastern European scammers whose purpose was to steal online financial information.
More recently, bogus e-cards addressed to government workers were disguised as coming from the White House, with a convincing "@whitehouse.gov" address. The cards included a link to a supposed "Merry Christmas" greeting. When clicked, the link infected computers with a hard-to-detect program. It not only stole users' passwords and online account information, but disabled computer security notifications, software updates and firewall settings, reports the FBI's Internet Crime Complaint Center.
So, if you get an email telling you an e-card's awaiting, delete it if you see either of these red flags:
- A sender that is not a recognized name but "friend" or "secret admirer" or a supposed title like "firstname.lastname@example.org."
- A link or attachment that ends with ".exe," which indicates an execute command that could download a nasty virus.
If you recognize the sender's name, it's probably OK to click on the link and open the card. But, in some cases it's possible for a scammer to "spoof" the name of someone you know.
So, for full security, go to the card company's website to get the card. A legitimate card notification message includes a confirmation code that allows you to open the card at the site.
View Hallmark cards at www.hallmark.com/getecard and provide your email and confirmation number. For American Greetings cards, visit www.americangreetings.com and click on "e-card pickup" to enter the confirmation code.
If there's no card waiting for you, the email you got was sent by a scammer.
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.