Hackers aim to steal more than your heart

Herb Weisbaum • Profile • E-mail

Your “secret admirer” just sent you an electronic Valentine’s Day card and you can’t wait to find out who it’s from. Think twice before you do that. Your computer could wind up with a digitally transmitted disease.

Hackers use anonymous electronic greeting cards to sneak their malicious software onto unprotected computers. They want you to click on the link in the e-mail or instant message to retrieve your e-card. That will send you to their web site which has malware waiting to be downloaded.

"An anonymous e-card always piques your curiosity,” says Seth Caplan of Los Angeles. He believes he got a virus on his machine when he clicked a link to retrieve a card from an unknown sender. Luckily, he was able to remove the infection with antivirus software. “I’m definitely more careful with e-cards now,” Caplan says. “I’m a lot more vigilant.”

Once a computer is infected, it can quickly spread the malicious code. That’s what happened at Augusta State University. According to the school’s web site, a campus-wide outbreak took place last month after a couple of students were fooled by malicious e-mail made to like it was from Hallmark. It wasn’t.

“This particular malware appeared to take advantage of a user’s e-mail address book in order to send replications of the e-card message,” writes Damon Armour, the school’s IT security officer. “As you can see, it only takes a few users to quickly spread the malware across campus.”

“Electronic cards are nice, but caution is the word of the day,” says Howard Schmidt, an internationally recognized expert on cyber security. Schmidt tells me if he gets an e-mail alert and it doesn’t show the name of the person who sent the card or if he doesn’t recognize the sender’s e-mail address, he deletes it right away.

When in doubt, check it out The major greeting card companies have information on their sites about e-card fraud, with specific information to their service. Hallmark American Greetings Blue Mountain

If the link is bogus and you land on a rogue site, the malware the scammers load on your computer “can give them a constant back door into your system,” Schmidt warns. They can turn your computer into a zombie that sends out spam or they can install a program that will “harvest” your passwords and account numbers when you shop or bank online. That information could be sent to a server somewhere in the world where it will be used to run up charges on your credit card, drain your bank account and commit identity theft.

Bad guys always follow the crowd
Electronic cards are still a small, but growing part of the greeting card market. Last year, about 500 million e-cards were sent worldwide.

E-cards have a lot going for them. They’re environmentally friendly, relatively cheap (or free), and you can send them at the last minute.

The industry knows cyber-thieves use fake greeting cards to deliver their malicious software. “We’ve been working with the FBI for two years now,” says Barbara Miler with the Greeting Card Association. “We encourage people to report e-card fraud to them.”

MORE FROM CONSUMERMAN

ConsumerMan Section Front

Are holiday lights a hazard? The great rebate debate Clean clothes, stinky problem Fed overdraft rule not enough Chinese drywall a big threat FTC nabs Moneygram ConsumerMan Section Front   Add ConsumerMan headlines to your news reader: