Today's issue answers the most frequent question we've
received over the past month: "I'm getting a LOT of ecards all
of a sudden: are they real or are they ecard scams? If
they're scams, can you explain how they work?"

Ecards are a fast, inexpensive and creative way to send
greetings to friends and relatives, but they're also a
valuable tool for scammers who want to trick people into
downloading viruses, spyware, Trojans and more!

Some scammers actually ask permission to install rogue
software on your computer using a "EULA" (End User License
Agreement) that most ecard recipients don't bother to read.

Some ecard recipients are told to download certain software to
read their message. Then, this program bombards everyone in
their address books with scam ecards and unwanted marketing
messages.

Discover how to defend against the latest wave of ecard scams!

First, though, we recommend you check out the most popular
articles from our other sites during the past week:

How Young Is Too Young For a Cell Phone?
http://www.consumertipsreports.org/how_ ... phone.html

The Credit Cards of the Wealthy
http://www.creditcardtipsetc.com/credit ... amous.html

How Myspace, Facebook and Other Social Websites Pose an Identity Theft Risk
http://www.identitytheftfixes.com/are_s ... theft.html

Benefits of Liquid Bandage Products
http://www.emergencypreparednesstips.or ... ducts.html

On to today's main topic...

<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><> ~<>~<><>~<>
Ecard Scams: Greetings! A Scammer Has Sent You an Ecard!
<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><> ~<>~<><>~<>

Ecards scams have existed since legitimate companies first
offered consumers the ability to customize and email REAL
greeting cards via the Internet.

Since late spring, however, we've been flooded with emails
from ScamBusters readers complaining about a new wave of scam
ecards and postcards.

Here's a typical email:

~~~ Begin Ecard Scam Email ~~~

"Subject: You've received a postcard from a Neighbor!

Hi. Neighbor has sent you a postcard.

See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on
your card's direct www address below while you are connected
to the Internet:

[URL of bogus ecard here]

Or copy and paste it into your browser's "Location" box (where
Internet addresses go).

We hope you enjoy your awesome card.

Wishing you the best,
Mail Delivery System,
PostcardsFrom.Com"

~~~ End Ecard Scam Email ~~~


Malicious Goals

There are a number of variations on this email that have been
sent by different scammers using different company names and
websites.

In addition to the bogus ecard offer above, Sophos.com reports
that widespread malware attacks occurred around the July 4
holiday, disguised as Independence Day greetings.

Some of the many subject lines used include:

4th Of July Celebration
American Pride, On The 4th
America's 231st Birthday
Americas B-Day
America the Beautiful
Celebrate Your Independence
Celebrate Your Nation

http://www.sophos.com/pressoffice/news/ ... july4.html

We expect you will see similar attacks on future holidays.

In general, a scammer's goals fall into four categories:

1) To install viruses on your hard drive that will wreak
havoc with your computer.

2) To install spyware or Trojans on your computer that will
scan your machine for personal and financial information.

3) To install adware that will bombard your desktop with
pop-up ads, launch adult websites or send phony ecards to
everyone in your address book -- cards that appear to have
come from YOU!

4) Turn your computer into a 'zombie' to help spam or attack
other computers.


Methods of "Infection"

Not all scammers use the same tactics to infect your computer
with rogue programs.

In some cases, merely opening the phony ecard will cause
malicious software to download onto your computer. In other
cases, you'll be prompted to install software that the scammer
claims is needed to view your special greeting card.

The cleverest method of spreading rogue programs is to ask
your permission first! Once you reach the scammer's site,
you're presented with an End User License Agreement (EULA),
packed with page after page of "legalese."

Buried in the fine print -- and it's all fine print -- is
language informing you that the company WILL install certain
programs on your computer once you agree to the terms and
conditions.

Unfortunately, seasoned Web surfers are so used to
automatically accepting these EULAs that few bother to read
them. And obviously, almost no one asks an attorney to
translate all that legalese.

According to Snopes.com, a new wave of phony ecard
notifications began reaching inboxes during June. These
emails tried to induce people to click links that would
install malicious programs.

"Using subject lines such as 'You've received a postcard from
a family member,' the emails tried to [trick people] into
downloading a variant of the Storm Trojan, 'an aggressive
piece of malware that has been hijacking computers to serve as
attacker bots' since earlier in the year."

http://www.snopes.com/computer/virus/postcard.asp

If your computer is hijacked to serve as a "bot," it becomes
-- in effect -- a "terrorist sleeper," awaiting orders from
its commander that will cause it to attack other individual
computers or networks. (A virus behaves independently, and
can't be remotely controlled once it's installed.)


Signs of Deception

One sign that an ecard may be fake is often contained in the
"FROM" line. The email will say you've received a card from a
GENERIC friend, neighbor, classmate, secret admirer, etc.

Since most people who send REAL ecards insert their names in
the "From" line, be VERY suspicious when an ecard arrives
"From: A Relative."

Other signs of deception include:

-- Spelling mistakes -- e.g., congratulation! (Or your name is
misspelled.)

-- Errors in the message -- e.g., it says YOU sent the card
you've just received.

-- The sender isn't someone you know.


Staying Safe

-- If in doubt, don't open an ecard.

-- Delete any ecard from someone you don't know.

-- Never click on anything from an unknown source, never open
an attachment from an unknown source, and never download from
an unknown source.

-- Never click to accept terms from any company without
reading the fine print. Beware of those EULAs!

-- Use antivirus software and keep it up to date.

- Use Mozilla Firefox. Many ecard scams use loopholes in
Internet Explorer, so Firefox is far more secure against this
type of scam. But since Firefox is not 100% secure either,
make sure you keep FireFox updated.

-- We recommend against opening any ecard with an attachment.
You never know what's really in that attachment until it's too
late.

Remember: even opening attachments that appear to come from
friends or coworkers puts you at risk.

-- Be skeptical and alert. If something seems fishy, be
cautious. A Trojan can make a phony ecard look like it's
coming from a friend or family member, so be vigilant.

By the way, Mac users are generally safe from these attacks.

For more information on ecards, visit: "Are Ecards Safe?" at:

http://www.scambusters.org/ecards.html

This article also contains helpful links to information about
anti-virus software, spyware removal and email safety tips.

By following these tips, you can stay safe from ecard scams.