[KY4KY] "You have a card" Scam

K4RVM - Bob Myers k4rvm at critterbob.com
Thu Jul 5 18:56:42 PDT 2007


Well, it's time once again to try to scam computer users into inviting a virus onto their computer. This time, it comes in the form 
of an email announcement that you received a greeting card.

Here's how to tell the fake ones from the real ones:

The real cards email will look something like this:

Dear Bob,
Critterbob (critterbob at critterbob.com) has sent you a Jacquie Lawson electronic greeting card.
Please click on the following link to see your card.  If your e-mail program has not displayed this as a link, then please copy the 
following into the Address or Location bar of your Internet browser.
http://www.jacquielawson.com/viewcard.asp?code=1244757042999&source=jl999
Alternatively, please visit http://www.jacquielawson.com and select the Pick Up Card option in the menu. Then enter your card code, 
which is:
1244757042999
If you have any problem at all viewing your card, please click here:
http://www.jacquielawson.com/help_1.asp
If you do not wish to receive e-cards from jacquielawson.com, please click here:
http://www.jacquielawson.com/donotsend.asp
Our ref: JLC299916062-CS / 1244757042999
jacquielawson.com, PO Box 1567, Wedmore, Somerset BS28 4YD, United Kingdom.

The fake one will look more like this:

A friend has sent you an electronic greeting card from ECard.com.
Please click on the following link to see your card.
http://69.127.152.45/aadsflkyerwfgesfgtewdlsaybng
Or just go to http://69.127.152.45/ by clicking this link or typing it in.
The enter your reference code: aadsflkyerwfgesfgtewdlsaybng
ECard.com

The fake ones will say from "a neighbor", "a classmate", "a friend" or something like that and not give you a name. The real one 
gives your name and the sender's email and/or name.

The fake ones give a set of numbers for the card's address instead of the real web site name.

DO NOT GO TO THESE NUMBERED LINKS. Two of the five I received linked to a site with a Trojan virus called JS/Psyme. This has been 
around since 2004, but is now being exploited again. If you go to the link using Internet Explorer the built-in Active X controls 
will invite the virus right onto your computer. Users running Firefox will not have this problem since Firefox does not use the 
dangerous Active X. However, it is advised not to go to these sites at all.

73
Bob, K4RVM

Bullitt Amateur Radio Society: http://KY4KY.com
KY4KY.com Weather Center: http://KY4KY.com/weather
Greater Louisville Hamfest Assoc.: http://critterbob.com/glha




More information about the KY4KY mailing list