The new year rings in another bonus: a rise in bogus electronic greeting cards

It’s that time of year again when fake online greeting cards increase in the daily Outlook mailbox and in web based mail as well).

A common give away? The sender is often listed only by first name – no last name – and includes links to various e-card sites: this was from Michelle offering "Happy Wishes!"

Michelle has created the ecard.

Here’s your greeting card: [this one from included a URL from]

Thank you, team.

As I noted in a post last year on the subject, Brian Krebs of the Washington Post highlighted this problem in his post on Not-So-Friendly Greeting Cards.  Krebs noted that the rise of fake online greeting cards that can install keystroke loggers on to your computer, rather than delivering what you thought to be an innocent e-card from a long lost aunt.

"You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links and infect their computers with password-stealing viruses.

"Previous e-greeting card scams harbored their viral payload in an infected e-mail attachment, but fraudsters now are simply embedding links in the fake card messages. Anyone who clicks on such a link without the benefit of the most recent security updates for their Web browser is likely to have their PC silently whacked with an invasive keystroke-logging program.

"… It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes."

For more info, see the Wiki link on the Storm Worm, and here on Symantec’s site.

Also, here’s the link if the embedded links above don’t work:

And see my past note on how there’s no immunity from security vulnerabilities.

More info:

Tags: Microsoft, security, antivirus, antispyware, Windows Defender.

Bookmark and Share