With the holiday season fast approaching spammer reprobates are at it again. As I was perusing hallmark.com tonight, I noticed the following alert regarding the latest attempt to infect your computer with the Zapchast Trojan Virus via Hallmark E-Cards. Hallmark recommends the following:
E-Card Fraud Alert
A fraudulent e-mail flooding the Internet claims to have a link to an E-Card from a family member, friend or neighbor and uses major greeting card company names such as Hallmark. Clicking on the link downloads a virus onto your computer that compromises personal data.
What you can do:
1. Report suspicious e-mail to your e-mail service provider so they can take action.
2. File a complaint at http://www.ic3.gov/
3. Forward the suspicious e-mails to email@example.com. (Due to the large amount of e-mail we receive at that address we will not be able to reply to your e-mail, but we will investigate.)
Then you should delete the e-mail.
If you are unsure if you've received a legitimate Hallmark E-Card, don't click on a link in the e-mail. Instead use our E-Card pickup.
If you do click on the link in the bogus e-mail, you will launch a variant of the Zapchast Trojan virus. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine.
What Hallmark is doing:
1. Contacting the Internet providers identified as the source of the spam requesting that they shut down the imposters.
2. Working with Microsoft to include the virus code in their phishing filter to protect consumers who use their web browser and e-mail client software.
3. Working with anti-virus software corporations to get the virus code added to virus definition updates.
4. Reviewing Hallmark's E-Card notification and pickup procedures.
5. Educating consumers about how to avoid E-Card abuse.
How to tell if a Hallmark E-Card notification is real:
1. The subject line of legitimate E-Card notifications from Hallmark will say, "A Hallmark E-Card from (name of the sender)" not a generic term like "friend," "neighbor" or "family member.
2. The e-mail notification will come from the sender's e-mail address, not Hallmark.com.
3. The notification will include a link to the E-Card on Hallmark.com as well as a URL that can be pasted into a browser.
4. The URL will begin with http://hallmark.com/ followed by characters that identify the individual E-Card. Hover your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark E-Card.
5. Hallmark E-Cards are not downloaded and they are not .exe files.
6. In addition, Hallmark.com will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.
E-mail Safety Tips:
1. Do not open e-mails from unknown senders.
2. Don't open an e-mail you know to be spam. A code embedded in spam advertises that you opened the e-mail and confirms your address is valid, which in turn can generate more spam.
3. If you receive an attachment that you are not expecting, don't open it, even if it's from someone you know. First read the e-mail, and make sure the attachment is most likely legitimate. If you're still not sure, call or e-mail the sender to confirm, but do not reply to the original e-mail.
4. Some fraudulent e-mails that appear to be from financial companies (PayPal, banks, credit card companies, etc.) direct the reader to click on a link to verify or confirm account details. Never click these links. Instead, call the company if you are concerned about your account.
Hallmark gives some very good advice, that we all should follow. I've received (recently) a spate of emails from PayPal, Ebay and even the IRS, none of which were legit.
So the miscreants are on the hunt, once more, and during a time we might all be a little less vigilant than we should.