Can you trust that Hallmark e-card?
Here's how to tell the real cards from the bad ones.
Everyone likes getting cards. I'd prefer paper-cards to an e-card, but hey, I'm not choosy. Any card is still a sign that someone's thinking well of me. Except, of course, when it's not really from a friend, but a soul-less bot trying to infect my computer with the latest malware.
In particular, it seems like a day doesn't go by that I get a Hallmark e-card in my e-mail, and every last one of them has been spam message bearing malware or an attempt to get me to link to a malicious Website. I'm not the only one.
A quick look over the Web showed me that Hallmark malware spam seems to come in waves. And, yes, we're getting another tidal wave of them now. As the holiday season approaches, I'm sure we'll only see more of them.
As it happens, Hallmark does sell real e-cards, so you can't just delete every e-mail that comes along that proclaims it's a Hallmark card. Fortunately, there are ways to tell the real cards from the bad ones.
Hallmark's own list of how to tell if an e-card has really been sent to you by a friend is a good start. Hallmark's list includes:
1. Hallmark e-card e-mails do not include any attachments. To be safe, if you receive an e-card notification with an attachment delete it immediately then empty your "trash" or "deleted e-mails" from your email client.
2. A legitimate Hallmark e-mail notification will come from the sender's e-mail address, not Hallmark.com.
3. The sender's first name and last name will appear in the subject line. If you do not recognize the name of the person sending the E-Card, do not click on any links in the e-mail. Delete the e-mail.
4. The notification will include a link to the E-Card on Hallmark.com as well as a URL that can be pasted into a browser.
5. The URL will begin with http://hallmark.com/ followed by characters that identify the individual E-Card.
6. Hallmark E-Cards are not downloaded and they are not .exe files.
7. In addition, Hallmark.com will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.
To these, I'll add those old basics of never opening e-mail from a stranger and never, ever open attachments or click links from people or groups you don't know. Sure, it might really be from someone you want to hear from but the odds are orders of magnitude higher that it's from a spammer.
It would be nice if we could trust our e-mail, but sadly, when it comes to e-mail in 2009, paranoia is the best approach.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
extension of tip #5: check the source
this is especially true for those of you who receive their e-mail in HTML format - use the "view source" option to ensure the referenced URL really is hallmark (or 123greetings or bluemountain or ...) URL's that point to 123.123.123.45, www.hallmark.com.somewhere.else.com/, and so on are dead giveaways that they are malwareThis is, of course, somewhat dependent upon what e-mail client you use - web-based clients should show the target in the status line (but that can be subverted by carefully crafted URL's) while most stand-alone clients may not show the target of an embedded URL (kudos to those clients that do, and further, if they compare that URL to known sites for good/bad warnings)