Thieves send e-greetings

Plugged In

November 30, 2006|By Eric Benderoff | Eric Benderoff,Chicago Tribune

This is the time of year for greeting cards, and a growing number of them, conveniently, will come via the Internet.

There's only one problem: Some of the e-mail messages saying that you have an e-greeting card from a friend or family member may instead be from a scam artist intent on obtaining your Social Security number, credit-card data or even brokerage account information.

"People like receiving greeting cards this time of year, and they are likely to click on these greetings" if they are in their e-mail inbox, said Stu Elefant, senior product manager for McAfee Inc., an Internet security firm that markets products that detect unsafe Web sites or e-mail. "There is more cybercrime because people's defenses are down. They are in a more trusting mood, thanks to the holidays, and they are looking online for bargains."

That is an irresistible mix for increasingly clever cybercrooks as they realize more people than ever will shop online this holiday season or seek to save postage - and time - by e-mailing holiday greeting cards.

Indeed, 91 percent of adults say they use the Web to shop, according to a survey released Friday from Harris Interactive and Check Point Software Technologies.

And as more people turn to the Internet for at least some of their holiday purchases - or simply for comparison shopping - more crooks, too, are tracking their movements.

The average loss per "phishing" scam grew from $257 in 2005 to $1,244 in 2006, according to a report this month from Internet research firm Gartner Inc. Losses stemming from such attacks reached more than $2.8 billion this year, Gartner found.

In Australia, a scheme was uncovered in late October by Exploit Prevention Labs that was perpetrated through e-greeting cards. According to the Web site TechNewsWorld, accounts at nearly every Australian bank were affected when a major cybercrime group used fake Yahoo greeting cards to infect computers with malicious software that tracked keystrokes on PCs. This so-called "keylogger" software was used to steal credit-card numbers, bank account user names and passwords.

Researchers with Exploit Prevention Labs added that the e-card spammers were also targeting computer users in North America, TechNewsWorld reported.

Since early fall, numerous computer users across the United States have noted a marked increase in spam in the form of e-cards. The subject line typically reads, "You've received a greeting from a family member" or "You've received an animated postcard."

The text inside these "phishing" e-mail messages asks people to "click here" to see the card. Phishing schemes are an attempt to trick people into revealing personal information. If they click on these links, they could unwittingly be downloading software that could be used to separate users from their holiday bonuses.

McAfee's Elefant warns people to exercise extreme caution when e-greeting cards enter your inbox and to open messages only from people you know. If you have any doubt, he warned, don't open the message.

Crooks are exploiting what security professionals like to call "social engineering," Elefant explained. Because humans are social beings, they're more likely to open an e-mail they think is from a friend or family member than something unfamiliar.

"Social engineering is more prevalent this time of year because people want to click on an Internet greeting card or get a better deal at a store online. So it's more prevalent this time of year, and this year it's more prevalent than anytime it's ever been," he said.

People also are helping the crooks more than before.

The growth of social networking sites such as Facebook, MySpace and YouTube is helping cybercriminals target computer users.

"There's more personal information about people online at these sites," Elefant said. At YouTube, for instance, many people who post videos also include a picture of themselves along with other personal information, such as an e-mail address.

A crook may then send a message to that user and write, "Hey, I saw your video at YouTube about skateboarding. If you want a new skateboard, come check out the deals at my site."

Elefant said this is a common technique used by sexual predators but increasingly is being used for financial theft.

Another reason for the online crime wave, according to the Harris survey, is that few people adequately secure their computers. The survey found that 74 percent of people do not install a hardware firewall and 53 percent don't use a software firewall. Only 22 percent have installed a proper suite of security software, according to the survey.

Eric Benderoff writes for the Chicago Tribune.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.