I received two within a week, so it reminded me to remind friends and family members that you should treat electronic cards as you do any e-mail with an actual attachment. That is to say, "with caution." ("With extreme caution, if you don't know the sender.) Here's why.
Message #1 was this:
From: "Found D. Tyree"Seems benign. Anyone else bothered by the strange mismatch between the full name and the mail address? "Click here was linked to a web site. I won't give you the URL (because you night click on it). What happens when you do? I don't know. All I know is this. 1) I don't know a Michelle who' send me a card. 2) the "top level" of the URL pointed to a web site that was under construction. The top level had text that read, "Welcome to the home of [the top level domain name]. To change this page, upload your website into the public_html directory. Date Created: Sat Aug 5 12:36:14 2006."
Sender at Michelle sent you an "e-card" "Here's the Rub" from 'greeting-cards'. To see your card, click here
This "ecard" will be stored for one week, so print or save the card as soon as possible.
Hope you enjoy our "e-cards". Spread the love and send one of our "e-cards".
Brought to you by 'greeting cards' - a better way to greet.
That was 4 days before I got the e-mail. Badguy sets up a web page. Badguy puts a trojan attack on a web page targeted at a particular operating system. Badguy uses spammer techniques to seed the world and waits.
Message #2 was this:
From: firstname.lastname@example.orgThis is how I received it, misspelled words and funny punctuation (space before the comma after "Hello," and all). That URL actually pointed to a different URL at a different host and the URL ended in ".jpg.exe". Not good. Not good at all.
Subject: You just recieved a E-Greeting.
A Greeting Card is waiting for you at our virtual post office! You can pick up your postcard at the following web address:
visit E-Greetings at http://www.all-yours.net/ and enter your pickup code, which is: a0190313376667
(Your postcard will be available for 60 days.)
There was no indication as to who it was really from. And I check URLs. Do you? It's a good habit to get into.
Look three times before you "click".
- Does the letter look like it was created by an automated process on a real, in-the-business, e-greeting card company, or does it look like it was quickly generated by someone who has English as a second language?
- Do you know the sender? Really?
- Do the collars and cuffs match? I mean, does the URL link name and the actual link match?