Fred Avolio's Musings


Mon, 21 Aug 2006
E-Cards

You've gotten them, right? Electronic birthday cards, greeting cards, etc.? You ever get one from someone you didn't know? Everyone wants a secret admirer, no?

I received two within a week, so it reminded me to remind friends and family members that you should treat electronic cards as you do any e-mail with an actual attachment. That is to say, "with caution." ("With extreme caution," if you don't know the sender.) Here's why.

Message #1 was this:

From: "Found D. Tyree"
Dear recipient.
Sender at Michelle sent you an "e-card" "Here's the Rub" from 'greeting-cards'. To see your card, click here

This "ecard" will be stored for one week, so print or save the card as soon as possible.
Hope you enjoy our "e-cards". Spread the love and send one of our "e-cards". Brought to you by 'greeting cards' - a better way to greet.

Seems benign. Anyone else bothered by the strange mismatch between the full name and the mail address? "Click here" was linked to a web site. I won't give you the URL (because you might click on it). What happens when you do? I don't know. All I know is this. 1) I don't know a Michelle who'd send me a card. 2) The "top level" of the URL pointed to a web site that was under construction. The top level had text that read, "Welcome to the home of [the top level domain name]. To change this page, upload your website into the public_html directory. Date Created: Sat Aug 5 12:36:14 2006."

That was 4 days before I got the e-mail. Badguy sets up a web page. Badguy puts a trojan attack on a web page targeted at a particular operating system. Badguy uses spammer techniques to seed the world and waits.

Message #2 was this:

From: greeting@all-yours.net
Subject: You just recieved a E-Greeting.

Hello ,

A Greeting Card is waiting for you at our virtual post office! You can pick up your postcard at the following web address:

http://www.all-yours.net/u/view.php?id=a0190313376667 visit E-Greetings at http://www.all-yours.net/ and enter your pickup code, which is: a0190313376667

(Your postcard will be available for 60 days.)

This is how I received it, misspelled words and funny punctuation (space before the comma after "Hello," and all). That URL actually pointed to a different URL at a different host and the URL ended in ".jpg.exe". Not good. Not good at all.

There was no indication as to who it was really from. And I check URLs. Do you? It's a good habit to get into.

Look three times before you "click".

  1. Does the letter look like it was created by an automated process on a real, in-the-business, e-greeting card company, or does it look like it was quickly generated by someone who has English as a second language?
  2. Do you know the sender? Really?
  3. Do the collars and cuffs match? I mean, does the URL link name and the actual link match?
