Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Postcard From a Family Member Malware Email

Summary:
Email purporting to be an eCard notification from a family member leads to a website that can download malware to the recipient's computer (Full commentary below).



Important Note:
Information about the genuine threat discussed below should not be confused with a bogus email hoax that claims that an email with an attachment entitled "POSTCARD" will destroy the hard drive of the infected computer.
(Read an article about the Postcard Image Virus Hoax)

Example:(Submitted, June 2007)
Subject: You've received a postcard from a family member!

Good day.

Your family member has sent you an ecard from [Link Removed].

Send free ecards from [Link Removed] with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------
Click on the following Internet address or copy & paste it into your browser's address box.

[Link Removed]

--------
OPTION 2
--------
Copy & paste the ecard number in the "View Your Card" box at
[Link Removed]

Your ecard number is
a885b5e6291c3de8293ec6968e3ca03

Best wishes,
Postmaster,
[Link Removed]
*If you would like to send someone an ecard, you can do so at
[Link Removed]




Commentary:
In late June 2007, many Internet users reported receiving eCard notifications like the one shown above. The emails claim that the recipient has been sent an eCard from a family member and instructs him or her to click a link in the message to view the card. However, the eCard is bogus and links in the message will lead to a website where malware may be clandestinely downloaded and installed on the recipient's computer.

Varied website addresses are used in the fake eCards, but they generally have a ".hk" domain name.

Following links in the email opens a page that claims that the website is "currently testing a new browser feature" and asks the visitor to click another link, supposedly to view the eCard in its original format. Clicking this second link will download and install a number of malware components.

The eCard ruse is one that has been used a number of times in the past by malware distributors. They capitalize on the popularity of genuine eCard services that may send notification emails in a similar format. However, genuine eCards will normally include both the recipient's and the sender's names in the message.

Be very cautious of clicking on links in eCard notification messages, especially if they have generic references such as "a family member" or "a friend" and do not address you by name. In some cases, the scammers may disguise the real link in such messages so that it looks like it leads to a genuine and well-known eCard website. Therefore, it is always wise to check links in HTML emails before clicking.

If you have any suspicions about an eCard notification message, do not follow links in the message until you have verified its authenticity.

References:
New Phishing Hole for Summer
How to send and receive e-cards more safely
Check Links in HTML Emails
Fake Email Greeting Card Leads To Trojan

Last updated: 26th February 2008
First published: 28th June 2007

Write-up by Brett M. Christensen

Similar Articles:
Storm Worm Hitting Inboxs Worldwide
"Question About Your Photo at flickr" Email Leads to Trojan