Chances are that you’re no stranger to receiving electronic greeting cards (ecards) in your inbox which claim to have been delivered by the likes of Blue Mountain and Hallmark.
Sadly, cybercriminals know that many internet users find the thought of a surprise greeting card impossible to resist and often disguise their malware attacks using these well-known brandnames. Computer users are so excited about the prospect of a greeting out of the blue that they click to find out more, without showing enough caution about the possible consequences.
Thomas Taylor Jr., of West Haven, Connecticut, has been sentenced to four years of probation for his part in a phishing scam that targeted AOL users using the disguise of Hallmark and Blue Mountain electronic greeting cards.
From 2002 until September 2006, Taylor and fellow gang members used software to steal AOL screen names from chat rooms. The users were then spammed with electronic greeting cards claiming to be from Hallmark.com and Bluemountain.com, but in reality installed a Trojan horse that prevented AOL customers from logging into their account without entering personal information such as bank account details, social security numbers, names and addresses.
The gang’s ringleader, Michael Dolan, was sentenced to 84 months in jail in late 2007.
As Sophos described recently in a humorous video, eight out of ten systems administrators are worried that ecards pose a security risk.
* Sophos online poll of 383 respondents, February 2009.
Maybe Taylor’s sentence will do a little more to raise awareness amongst the computer-using public of the danger your can put yourself in if you open an unsolicited ecard. But somehow I expect the problem is here to stay for a long time yet.