They made the rounds again this valentine season: the nasty, virus-infected e-mail messages that pretended to be greetings from someone who cares about you.
What the senders really cared about was harvesting as much personal and financial data as possible. That happened when recipients clicked on the link as instructed, not realizing they were putting vital information at risk.
Many people received warnings of the scam from Hallmark, likely the world leader in conventional greeting cards. In their alert, Hallmark officials said the phony e-mails were “flooding the Internet” as they trolled for ways to harvest your data.
Those officials say there are several ways to tell if an electronic greeting card is the real deal (and really from Hallmark):
· The subject line says “A Hallmark E card from (sender’s name)” and not a generic term like “a friend.”
· The e-mail notification comes from the sender’s e-mail address, not from Hallmark.com.
· The notification includes a link to the card at Hallmark.com and a URL that can be pasted into a browser.
· The URL begins http://hallmark.com/ and is followed by something to identify the card (Hallmark advises hovering your cursor over the words Click Here — if you don’t see the right URL, don’t click).
· E-cards from Hallmark are not downloaded and they are not files ending in .exe (the ones that execute programs; the malicious ones can harm your computer).
· Hallmark doesn’t ask users to type names, passwords or other personal information to retrieve e-cards.
Hallmark has investigated, found the Internet providers and requested that they shut down the spammers. The company also is working with anti-virus software firms to get the virus code included in their updates. Hallmark also is looking inward at its notification and pickup procedures.
The company echoes others who worry that consumers may let down their guard during holiday periods. All of the rules about spam still apply, starting with the bottom-line rule: Don’t open e-mail from unknown senders. Opening what you know is spam simply tells the sender that your e-mail is working and can help perpetuate the fraud.
Hovering your cursor over highlighted text can identify many threats. You can also visit www.whois.com, a registry of domain names. We tried this with our latest e-card and found that it came from a Web site in Mexico.
You should report suspicious e-mails you receive to your e-mail provider. If you receive a Hallmark impostor, you can forward it to email@example.com (because the company gets so many, it won’t promise to respond but says it will investigate).
You can also file a complaint with http://www.ic3.gov/, the Internet Crime Complaint Center.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write: Consumer Forum, P.O. Box 486, Brewer 04412, or e-mail firstname.lastname@example.org.