Home   About Us    Services and Products   Support   Contact Us

Support Overview

Help Desk

Online Service Request

Emergency IT Support

Security Alerts

Computer Usage Tips

Security Alerts

Just Say "No" to E-Cards
8/8/2008

Most people never consider the dangers of e-cards, and unfortunately, there are plenty of dangers. Since there are quite a few e-card scams going around right now, we want to help you make sure you don't become an e-card scam victim. We recommend that you just say "no" to e-cards.

What is an e-card
An e-card is similar to a postcard or greeting card, with the primary difference being it is created using digital media instead of paper or other traditional materials. E-cards are made available by publishers usually on various Internet sites, where they can be sent to a recipient, usually via e-mail. The e-mail received by the recipient contains not the e-card itself, but an individually coded link back to the publisher's web site that displays sender's card exactly as it was originally configured.

E-cards have become very popular over the past few years. They are a very convenient and inexpensive way to send greetings to your friends and family, and they can even be used to promote your business. There are thousands of e-card companies.

Malicious Content
A legitimate-looking e-card, once the link is clicked, might actually be a computer virus, spyware (an attempt to steal your identity, your credit card number, or your bank account), or spam. One common e-card scam involves e-cards that download spyware or adware; they get you to agree to this in the fine print when you click saying you accept the terms of the e-card company. The e-card might look like it comes from a legitimate e-card company such as Hallmark, but the link that is displayed might not be the actual link that is used when you click on it. (This is one reason that we recommend that you read messages in plain text; links cannot be disguised like this in plain text messages.)

In late June 2007 a lot of e-mails with the subject line "You've received a postcard from a family member!" and other similar subjects, were seen making their way across the Internet. Unfortunately most of these e-mails contained links to malicious web sites where JavaScript was used to exploit the browser in order to compromise a system.

This is an example of what is called social engineering, a malicious person tries to trick the recipient into doing something (in this case following a link to a malicious web site) that the recipient would not otherwise do.

By now, we should all know not to follow links (or open attachments) in unsolicited e-mail messages (which is essential what all e-cards are). Remember, even opening attachments that appear to come from friends or coworkers puts you at risk. Even if you verify with the sender that they really did send you an e-card, does the sender really know everything that the e-card provider's web site does and that the e-card provider is safe from someone compromising their web site?

We recommend that, when you receive an e-card, you:

(1) Do not follow the link to pick up the e-card.

(2) Instead send a message to the supposed sender of the e-card (if it is someone whom you know) asking them if they really sent you an e-card and if so, to please express what ever sentiment they were trying to convey in the e-card to you in a plain text message. You can explain to them that e-cards are just too dangerous.

(3) Just delete any fake e-cards e-mail messages.

Since you should not be opening e-cards, please don't send them so that others would be tempted to open them (and see below about disclosing the e-mail address of your correspondent).

E-mail Address Disclosure
Since many e-card companies are privy to the e-mail address of the recipient and often also the sender, and whether the recipient reads the card, spammers can use e-cards for finding active e-mail addresses. In some cases, it may be illegal for an organization or business to use an e-card service to send greetings to its customers. For instance, data privacy laws may forbid a business from disclosing information about customers to a third party--including names and email addresses.

Find out more about our managed care service.

To find out how vulnerable your network is schedule a free network security analysis today.

Privacy Policy

© 2009-2013 IT Professional Services All rights are reserved.  (805) 650-6030