Share this story
Close X
Switch to Desktop Site

'Tis the season to be ... wary of e-cards

Next Previous

Page 2 of 4

About these ads

As he tracks the flow of junk mail from month to month, David Cowings sees very few spikes. Mr. Cowings is a senior manager at the computer security firm Symantec in Austin, Texas. A "spike" assumes that, after shooting up, the rate drops back down.

In fact, the number of spam messages climbs steadily year-round, rises faster each winter, and then continues at that elevated level after the holidays, he says.

It's hard to estimate how much of that junk mail is fake e-cards. But many spam experts agree that the proportion of online greetings surely snowballs each winter.

"It's all a matter of social engineering," says Nick Newman, a computer crime specialist at the National White Collar Crime Center in Richmond, Va. "Since people are expecting to receive cards around Christmas, spammers take advantage of it" and craft their e-mail to match the moment.

"Remember, the most successful e-mail virus of all had the subject line 'I LOVE YOU,' " says David Perry, director of education at Trend Micro. "People respond to 'Merry Christmas' just as well."

One suspicious e-card crawling the Web this year tries to exploit users' feistier side. When opened, the e-mail loads an image of a rascal throwing a snowball at your screen. "You have just been hit with an e-mail snowball!" reads the card, which Symantec included in its December spam report. The card tells readers to forward it on to friends and share the fun.

The snowball card itself is harmless, but it's likely part of a larger scheme. "Each time the e-mail is read, a request is sent to the server hosting the image, and the user's e-mail address is stored ... on the spammer's server," says the Symantec report. So, next time the spammer wants to send out junk mail, he has a fresh list of addresses.

Another of this year's crop put a professional polish on an old trick. The card used Hallmark's official logo and a convincing e-card template to hide its intentions. All the links led to, except the line "To see it, click here." That link would download a program onto your computer that unlocks the PC to hackers.

Next Previous

Page 2 of 4

Follow Stories Like This
Get the Monitor stories you care about delivered to your inbox.