Zyra International NET //// Zyra's website UK //// Rogues among emails //// how to avoid computer viruses //// Site Index

e Greeting Cards not always what they seem


It's nice to receive a greetings eCard, but beware as these things aren't always what they seem. In fact, these days when you receive an email telling you about a virtual greetings card someone has sent you, with a link to some website or other, you have to be careful! It might be genuine, but it might be a virus/scam/phishing-attack! (Also see the Hallmark E-Card virus). The fake ones link through to things that can harm your computer and steal your personal details, so it's important to get this right, preferably without falsely accusing your kind friends of sending you problems. I know how to tell the difference and I'll explain, but first, here's a message and reply I've sent as a test:

----- Original Message -----
From:
Jerry
To:
linkreq (link request page at Zyra's site)
Sent: Saturday, December 22, 2007 4:13 PM
Subject: You have received an AmericanGreetings Merry Christmas eCard

Jerry has sent you an ecard.

To view your ecard, choose from the options below.

Click on the following link:
http;/americangreetings.846123.cn/display.pd.php?prodnum=3132601&path=98842

Please do not reply to this email.

Thank you!
Your friends at AmericanGreetings

--------------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.17.6/1192 - Release Date: 21/12/07 13:17

First clue on this is I don't know the person it claims to be from. That's a crucial piece of evidence in the first approximation to whether it's a real e-greetings card or a scam! Also, it's not come in to any of my personal addresses, but to the link-request address, which makes it suspicious as it's not a link request. Surely my friends would send to me rather than to my link request.

I replied...

----- Original Message -----
From:
Zyra
To:
Jerry
Sent: Saturday, December 22, 2007 9:08 PM
Subject: Re: You have received an AmericanGreetings Merry Christmas eCard

Hi Jerry,

Have you really sent me a greetings card? That's very nice of you.

I'm always careful about these incoming items as some of them are phishing attacks. For example this one looks suspicious as it is .cn and therefore I'll not be linking on it.

Kind Regards,

Zyra

www.zyra.org.uk

Well it's true! I have received American Greetings wellwishings before, and they do not have .cn (China) on the end of the address. Notice, though, that even if I was mistaken, for example because American Greetings had now for some reason started sending their emails from China, I'd still not have insulted my "friend" Jerry, who would by now be a forgotten friend working for a company whose address I did not know.

It was a polite reply I sent, but here's the response I got...

----- Original Message -----
From:
Mail Delivery System Mailer-Daemon[splitch]yankee.rb.xcalibre.co.uk
To:
Zyra
Sent: Saturday, December 22, 2007 9:16 PM
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

Tilley63@alex-extrusion.com
SMTP error from remote mail server after RCPT TO:<Tilley63@alex-extrusion.com>:
host alex-extrusion.com.s6a1.psmtp.com [64.18.5.10]:
550 5.1.1 User unknown

------ This is a copy of the message, including all the headers. ------

Return-path:
zyra.org.uk

Received: from 88-105-61-115.dynamic.dsl.as9105.com ([88.105.61.115] helo=valkyrie)
by yankee.rb.xcalibre.co.uk with smtp (Exim 4.53)
id 1J6Bi3-0007Sd-P5
for Tilley63@alex-extrusion.com; Sat, 22 Dec 2007 21:16:49 +0000
Message-ID:
From:
zyra.org.uk
To: "
Jerry"
References:
Subject: Re: You have received an AmericanGreetings Merry Christmas eCard
Date: Sat, 22 Dec 2007 21:08:36 -0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0023_01C844DE.D13689E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
X-Whoson-Authenticated-User: zyra4

This is a multi-part message in MIME format.

------=_NextPart_000_0023_01C844DE.D13689E0
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable ...etc

...which means it was sent from a non-valid address. That's the clincher, a confirmation that it's fake. This also means it's very likely to have been spoofed which means that the extrusion company isn't to blame and are also the victim of a hoax. Note: In an email message, "do not reply to this email" already gives a 90% chance it's dodgy anyway!

Here's the reply I could hypothetically send for show...

----- Original Message -----
From:
Zyra
To:
Jerry
Sent: slightly later
Subject: Re: Re: You have received an AmericanGreetings Merry Christmas eCard / Mail delivery failed: returning message to sender

Hi Jerry,

Sorry to hear you're not real, and just when I was in hopes you were sending me a genuine greetings card.

Never mind, eh. At least this has given me the opportunity to expose this kind of thing to warn other people of the peril they face when receiving a greetings card.

Not only have I not been fooled into visiting that phishing link, but now a great many other people who read with fascination the stuff at my interesting website www.zyra.org.uk will be enlightened into the nature of these things.

Americhristmas to ALL!

Kind Regards,

Zyra

www.zyra.org.uk

So now you know: beware of incoming greetings cards! Don't get me wrong; I'm not saying all email cards are phony. Indeed, I received quite a few genuine nice greeting cards in this festive season, and they tend to arrive sporadically throughout the year too. It's just that you have to be sure that a greeting is genuine before you open it. Here's how to be sure:

* When an email arrives telling you the news you've received a virtual greetings card from someone, don't click on the link. Instead, write to that person (using the address in your address book not the one on the virtual email card). Thank them and ask if they really have sent you a greetings card. Include unique characteristics in your message.

* If a reply comes in verifying that your friend really did send you a greeting, (and verifying details within the original notification message and the characteristics in your query message) then you are safe to click on the link in the original incoming message.

* Or, if no reply comes, or if a bounced message comes, or if you get a message saying "nice to hear from you, but it wasn't me!" etc, then you know it's a fake, spoofing, or other problem, and you've saved yourself a lot of trouble.

By this method you can still receive e-greetings cards from people who wish you well, and yet at the same time you can defend yourself against sinister attempts to invade your computer by crooks masquerading as your friends.

Your safety is improved greatly versus these e-dodginesses if you can read a web address. Most crooks assume you are entirely uneducated in this matter and/or that your web browser is crippled/hacked/uninformative in the matter of hover-over information!

Also see messages pretending to be from your bank - another matter of breach of trust. This type of thing is rarer in the physical world, but it's happened to me. See this crime in Belize. Also see spam , spoofing, and Identity theft. There's also an amusing anecdote of fakery at the story of spam senders make it easy for us. Plus, there's the Hallmark E-Card Virus which has been overplayed.


See the genuine American Greetings