Be Wary of E-Cards in your E-mail!
If you have an e-mail account you've probably seen them. With subject lines of "Someone sent you and e-greeting", "Happy New Year 2008", "I love You", and others, E-Cards are filling up email Spam folders by the millions worldwide.
I've found some sites for you to check out to learn what they are, what to look for, and how to protect yourself against the threats they potentially hide.
The first is the definition and reference information from Answers.com
And here are some web sites that explain the potential threat:
Ezine @rticles "Beware of e-Greeting Cards - The Newest Spyware Threat"
Amuletta Computer Security Inc. "Are these e-cards I'm getting safe?"
F-Secure Weblog has multiple posts about the latest e-greetings and other Holiday Threats.
USA Today - Technology "Spammers find new ways to slip through"
This e-card/e-greetings threat is just one of many that can come by way of your email inbox. Take some time and learn about the threats you need to be aware of. Don't just click on links, whether they're in an email or on a web page. Many are designed to tempt you or your kids. Think before you click!
After reading about these threats, you might be wondering "How do I protect myself?".
First of all, make sure that your computer has all the latest security updates installed.
Second make sure your security software is up to date. That means definitions/signatures and the main program itself. Also remember that the most dangerous threats are brand new ones that aren't know to security software companies yet, and as such they won't have an updated set of virus signatures for your computer security software. There are software programs that don't rely on 'signatures' to detect certain threats but instead block specific behaviors, guarding vulnerable areas of your computer's operating system and at times asking you to specifically OK a potentially hazardous action before it's initiated. There are many different security programs out there. Below I'm going to list the programs that I use myself.
Third, be skeptical! Don't get enticed by the social engineering telling you to "Check THIS out!", or "You have to see this", "A friend sent you this e-card" and similar come-ons.
Here's some of what I use:
Avast Antivirus
Exploit Prevention Labs "LinkScanner Pro"
Notes:
- Make sure you turn on the "Tea-Timer" in Spybot S&D. That's what protects your system full time. Go into Tools -> Resident (make sure both check boxes are checked).
- When using SpywareBlaster, make sure you [manually] check for updates frequently.
- I don't have Spyware Doctor running all the time. Mainly because Spyware Doctor uses a lot of memory when it's running.
- LinkScanner Pro is the only one that isn't free, but it's only $19.95, and they do have a 'lite' version available that is free.
- HijackThis has a bunch of web sites and forums dedicated to helping users analyze the results. Just Google "HijackThis Forum" (or just click on this link) and choose from those results or go to the Merijn.org page and choose from the list he put together.
Also note that there many very good security software options available to you aside from what's on my list, and some of the reasons I use what I do are based on my particular system and other factors. You may find that certain ones work best for you. The main thing is to keep your system protected, keep that protection up to date, and don't take security for granted. There are always new emerging threats to be aware of, and new software solutions to deal with them.
Until next time, have fun, educate yourself, and remember to put security first!
You're smart
Justin, I wish there were more people with your good sense. My hope is for people to take security seriously and learn the pitfalls without having to learn the hard way. Of course the hard way has a way of getting your attention and leaves a more lasting impression! I know that's certainly been my experience!
And you're right on about requests for your login and other info. Links in emails may appear to be valid, but actually redirect you to a another site or fake page that looks genuine but isn't. Any information you enter will go straight to the crooks. As you said, the safe thing to do is avoid the link and go to the site by carefully typing the [known] URL into the browser's address bar or using a link that you have 'bookmarked' previously.
Thanks for the comment
Hi TR,
Great post and thanks for the tips! I've received a ton of these "e-greeting" cards, but luckily was savvy enough to delete them straight away. I think it's also important for people to be cautious about any e-mail that asks you to log into a website, as I once had my PayPal account hacked into as a result. If an e-mail says to check the status of your account on a certain site, just open your web browser separately instead of clicking through.
~Justin