Be Wary of Electronic Greeting Cards

Dan Albrich
Manager, Microcomputer Services
dalbrich@uoregon.edu

Over the holidays, you may have seen more online greeting cards (e-cards) in your mailbox than usual. Instead of a friendly communiqué from a well-wisher, however, an e-card is often the delivery system for computer viruses and spyware.

The safest practice would be to avoid e-cards entirely, but if you must send and receive e-cards, be sure to follow some basic safety precautions. Manually enter URLs instead of clicking on them, or cut-and-paste them to avoid common misdirection ploys. Always avoid downloading and then double-clicking on anything!

How to Identify a Bogus E-Card

ScamBusters.org (http://www.scambusters.org/ecards.html) has some useful suggestions for identifying a bogus e-card. Here are some of the most common tip-offs they mention:

• Spelling mistakes (e.g., "Congratulation!", or a misspelling of your name).
• Errors in the message (e.g., the message says you sent a card instead of receiving one).
• The sender isn't someone you know.
• The sender has a bogus name (Joe Cool, Agatha Tragonawar, Card Sender, Secret Admirer, etc.).
• The URL appears odd (e.g., www.http:// instead of http://www).

How to Avoid Trouble from Fake E-Cards

ScamBusters also lists some common-sense rules for avoiding trouble from fake e-cards:

• When in doubt, don't open an e-card.

• Immediately delete any e-card from someone you don't know.

• Never click on anything from an unknown source, never open an attachment from an unknown source, and never download from an unknown source. (It's really as simple as that!)

• Never click to accept terms from any company without reading the fine print. The fine print in one e-card scam actually asked users to allow the company to access their address book and forward a message to everyone in it!

• Use antivirus software and keep it up-to-date. (The UO has a site license for McAfee Antivirus software; see http://micro.uoregon.edu/av/mcafee.html for more information on how to get and install your copy of McAfee.)

• Avoid Internet Explorer. Many e-card scams exploit loopholes in Internet Explorer, so it's best to use Mozilla Firefox (http://www.mozilla.com/) instead. Be sure to keep Firefox updated to protect against exploits.

• Don't open any e-card that contains an attachment. You never know what is really in that attachment until it's too late.

• Be skeptical and alert. If something seems fishy, be cautious. Remember, a Trojan virus can make a phony e-card look like it's coming from a friend or family member.

The Safest Bet is to Avoid Using E-Cards Entirely

E-cards are inherently exploitable. Unlike a simple email message, e-cards require the user to click on a URL or an image to be viewed. For this reason, the safest bet is to avoid sending and using e-cards.