Julie Barrett is a freelance writer and photographer based in Plano, TX.

New e-card you don't want

Fresh when it gets here from Julie Barrett
Friday, December 28, 2007


I wouldn't have even noticed this in my inbox except for the fact that a friend of mine told me she was sending an e-card. (She uses reputable services and was kind enough to let me know in advance.)

This one, in the spam folder, wished me a happy New Year and begged me to visit new year with love dot com (deliberately broken URL) to retrieve my card. A little googling confirmed my suspicions that the e-mail is probably clean (I used a preview function for safety), but the site loads a Trojan.

It goes without saying that you shouldn't visit this site. Here are other steps you can take to attempt to confirm whether or not an e-card notification is genuine:

  • A greeting that purports to be from "a friend" or "a colleague" or "a relative" or any other generic someone in your life isn't genuine. Aunt Martha wants to make sure you know that e-card comes from her.
  • Check the sender name. If the subject line says you have a card from a reputable company and the sender is some random person from a different company, then it's a fake. You can also look at the headers, which will tell you if the sender is indeed from the e-card company. (If you see the from: line says soemthing like: "FROM: Reputable Company (email at someothersite dot com)" then you most likely have a piece of spam. If you're geeky, you can check the IP address of the sender to see if it comes from where it claims. Go to a DOS prompt and type "tracert xxx.xxx.xxx.xxx" (no quotes, and the number of digits will vary in each piece of the address) and you'll eventually find the source of the IP address. If it goes to Reputable Company, then it's less likely to be spam.
  • View your e-mail in plain mode (you'll see the HTML tags) in order to find the link. Make sure the link in the code is the same as the link displayed. Newer versions of Outlook will show the URL when you hover over the link. While the link may display the text "click here to get your card from Reputable Company" the actual link may go to a free web hosting site or an IP address somewhere.
  • If ever you're in doubt, visit Reputable Company's web site. They should have an address where you may send a suspicious e-mail for analysis. Follow their instructions. You'll probably get at least one confirmation message and then a second telling you whether or not the message is genuine.

If you decide not to open the card don't be ashamed, but do find a nice way to break the news to Aunt Martha.

(Yeah, I'm supposed to be doing family business tonight, but passing along advice about this new threat seemed to be a good idea. I'll go slink back to taking care of business.)

Tags: ,


Filed under: Technology   Spam         

  2  Comments
 

Comments are closed
Gravatar
Karen Funk Blocher said:
I got something along these lines on Thursday or Friday myself. My rule of thumb is that if it's not personalized to my name (not just Mavarin but Karen), it's probably not legit. If it passes that test, then I examine it further.
Date: 12/29/2007 6:41:21 PM Date: 12/29/2007 6:41:21 PM

Gravatar
Karen Funk Blocher said:
I got something along these lines on Thursday or Friday myself. My rule of thumb is that if it's not personalized to my name (not just Mavarin but Karen), it's probably not legit. If it passes that test, then I examine it further.
Date: 12/29/2007 6:41:21 PM Date: 12/29/2007 6:41:21 PM





Comments: Add yours!


Search the Journal:

  

Search Tags:




Events and Appearances:
Looks like I don't have any events on the horizon. Would you like me to attend yours? Contact me!
All