According to security expert Bill Mullins, in the last year, email inboxes have being swamped with similar scamming emails from fraudulent sites like Greetings.com, and 2000Greetings.com, amongst others.
This time around, the domain name being used by these scammers is Greetingcard.org, which is a legitimate site of The Greeting Card Association, a greeting card industry trade association. This organization makes no bones about it when it says on its website, “We do not publish cards, nor do we have an e-card pick up. If you receive an e-card notification from our association, it is fraudulent and should be deleted”.
Bill goes on to further explain that this type of socially engineered email scam is based on playing the human curiosity card. This scam exploits the fact that people are naturally pretty curious. The surprise factor appeals to people to further make them want to open one of these dangerous scam emails. Receiving good news feeds into the “wow” factor that heightens the effect of making people want to open these bogus email greeting cards. Spammers are counting on all these different factors to lure people into the trap. Many people fall for it with disasterous results being unleashed on desktop computers or company networks.
In this scam, the body text of the message urges a person to click on an embedded link so that you can see the greeting card. However, clicking on this link will lead to malware being installed on your computer.
According to The Greeting Card Association, a legitimate e-card notification will always include the full name or personal email address of the sender. Furthermore, the sender will never be identified by a generic term such as a “friend” or “associate”, terms that are frequently used in fraudulent e-card scams.
Pass this information on to your email user community before the holidays get into full swing for sending more electronic greeting cards.