When is an e-card not an e-card?

When it’s a trojan or virus, of course. Some of you may have received the following email from me:


I’m sending a quick email to a few friends/family just to alert about something I just noticed in my Gmail inbox.

I received an email that alleged itself to be from “GreetingCards.com” which is a respected Hallmark Cards site that happens, I think, to also allow you to send those cute e-mail postcards. The message says something like “someone who cares about you has just sent you a card. Click here to view it” (or something very similar (except “here” is underlined and an internet link).

Don’t click it. Especially if you’re using windows.

The link initiates a download to an ftp site and causes your computer to automatically run a .PIF file. This is the type of file that Windows uses to run old-school MS-DOS programs. Lowly skilled and wannabe hackers use this to pass on viruses and the .PIF file itself is an executable Trojan.

I only sent this email because I *almost* clicked on it thinking it was really a greeting card. I realized that if I can almost be fooled (I like to think I’m pretty savy with a ‘puter), then some of my friends might not think to investigate the link a little closer.

I run a Linux operating system rather than Windows, so its likely that it wouldn’t have affected me in the least, but it will definately affect Windows users and possibly Mac (I don’t know if Macs handle .PIF files or not).

If you get an email like this, its always best to hover your mouse over the link and read the status bar at the bottom of FireFox, IE or Safari to see what the link resolves to. In this case, its a numeric IP and never a good thing to click. I already sent copies of the email to abuse@greetingcards.com and the ISP for the IP address.

And I was just thinking of sending you all a silly e-card when I got that…. 🙂


I’m always an advocate of forwarding phishing emails and emails that clearly link to trojans (usually files with extensions like “.pif” or “.scr”) to the ISP or company that is being impersonated. This allows big corporations like Citi, Chase, Hallmark, etc to sic their IT pros on the issue and resolve problems a little quicker. There are methods they can take to eliminate fraud, phishing, and inadvertant hosting of harmful programs that shortens the lifespan of a given virus, worm, or trojan. And, the less lifespan these things get the less willing the no-good, low-life, wannabe hackers are to create or pass them on.

So, if you ever get an email that says its from Paypal, Citi, Chase, Bank of America, or any institution that handles your money which asks you to click a link to verify your contact information, don’t click that link unless you’re willing to load up your computer with spyware and answer questions that will let a bunch of theives call up the legitimate financial instutitions that you’re a client with to use that personal information against you. They need only your birthdate and last four of a social security number, or simply a mother’s maiden name to access all your banking info and make any changes they wish.

I know. I work for a bank (when I’m not an archaeology student).

What to do:
1) don’t click the links
2) hover your mouse over the links and look for IP addresses, different spellings (http://www. chasse.com), etc.
3) login to you bank’s website using the links provided on bank literature such as statements or the back of your credit card
4) call your bank, credit card or customer service for the institution through the number on your statement or card
5) ask them about the email -my bank usually knows about the latest phishing schemes within hours of them being started and gets daily updates to all customer service reps
6) forward a copy of the email to abuse@institution.com (where “institution” is the domain for your bank, etc. -i.e. abuse@ebay.com)

And there’s one other thing that I recommend for Gmail users:
7) click on the little down arrow in the email header just to the right of “reply” and you’ll find a list of options. One of these is “report phishing.” Doing this will send the email to Gmail and will improve Gmail’s spam/phishing filter for everyone else. Don’t believe me? If you have Gmail, click on “spam” along the left-hand sidebar and browse the messages Gmail catches!

Be the first to comment

Leave a Reply