Blayne Sucks

I am not sure if I have mentioned it before on this site, but Brian Krebs is a journalist at the Washington Post and maintains a blog called Security Fix. If you are not a security person and you only really care about computer security issues that would affect you as a generic computer user, this is by far the best single source of information on computer security issues.

His latest post covers an important problem that I’ve already seen in my junk mail folder. Basically, these are nefarious emails that disguise themselves as electronic greeting cards. They are hoping that you’ll click on the link based on the fact that almost everyone has sent or received an electronic greeting card of some kind in the past.

Here’s the text of one of the emails that I received with the malicious URL removed:

Hi. Neighbour has sent you a postcard.
See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on your card’s direct www address below while you are connected to the Internet:

Link removed

Or copy and paste it into your browser’s “Location” box (where Internet addresses go).

We hope you enjoy your awesome card.

Wishing you the best,
Mail Delivery System,
GreetingCards.Com

This looks incredibly similar to the electronic greeting cards that I’ve actually received from real places, especially several years ago when few people knew much about computer security issues. Now things have changed slightly. Take a look at how Hallmark’s electronic greeting cards appear:

Hello!

NAME has sent you a Hallmark E-Card! To see it, just click the link below, or copy and paste it into your browser’s address line:

Link Removed

Or you can follow these steps:

1. Go to our homepage at http://www.hallmark.com
2. Click “E-Cards & More”.
3. Click the link that says “Pick up an E-Card.”
4. Enter your e-mail address and this number: Number Removed. Click “Display Greeting,” and enjoy your E-Card.

With best wishes,
Your friends at Hallmark

Your privacy is our priority. Click the “Privacy and Security” link at the bottom of any page on Hallmark.com to see our privacy policy.

You’ll notice that the first part is very similar to the nefarious example, but there’s an important difference in the second part. Hallmark gives you instructions on how to access your card without directly clicking on a link in your email client. Phishing scams are built around the theory that they can trick you into believing their site looks legitimate as long as they can get you to click on one bad URL.

Brian Krebs gives the following advice at the end of his post about this:

I have never been a huge fan of e-greeting cards, mainly because they condition people to click on links in e-mail, especially when malicious links are one of the broadest vectors for e-mail borne viruses and worms. I realize there are several established and legitimate e-greeting card companies that base their business on this practice. It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes.

This is pretty good advice. I always felt a bit “bad” about electronic greeting cards, automated invitations to join social networks and similar emails but have been unable to express why nearly as well as he does here. However, if you absolutely must view electronic greeting cards, I would highly recommend that you do so in a manner that doesn’t involve directly clicking on any links in your email client.