Watch your inbox – The dangers of e-cards, etc.
January 8, 2009 | By Damon Armour, IT Security Officer
In January, a series of fraudulent emails were received by ASU mail recipients in the guise of Hallmark e-cards. In actuality, these emails were sent from computers on campus that had been infected with malware-which is software designed for malicious purposes. The email originators were hoping recipients would click on the embedded links and then download the malware instead of greeting cards. In this case, the originators were trying to take advantage of the reputation of Hallmark in order to entice the recipients to click.
This incident began with the exploitation of a couple of individual computers, then spread to many other users across campus. The emails contained an unexpected attachment which was not what the e-card users were expecting; instead of a greeting card, the recipient downloaded malware. This particular malware appeared to take advantage of a user's email address book in order to send replications of the e-card message. Therefore, those who clicked on the attachment and opened it started the process over again. As you can see, it only takes a few users to quickly spread the malware across campus.
Once ITS was notified and recognized the incident, steps were taken to lessen the spread of the outbreak. ITS identified the infected computers and disabled network access for these systems as well as provided in-person and over-the-phone assistance in removing the malware.
The challenge in an incident such as this is in knowing what to click and what not to click. This incident serves as an excellent warning that items in your inbox that are from sources/senders unknown to you should be regarded with caution.
That same day, along with the Hallmark e-card messages, we saw examples of fraudulent IKEA software offers as well as Wal-Mart gift card offerings. These were just expansions of the exploiters' net to catch more users.
Hallmark has dealt with cases of e-card fraud over the past couple of years and has posted a useful site to assist users:
http://www.hallmark.com/webapp/wcs/stores/servlet/article|10001|10051|/HallmarkSite/LegalInformation/FAQ_ECARD_FRAUD_ALERT.On its site are three major items for your protection: one, Hallmark does not send attachments in their e-cards; two, its messages will not contain generic terms, but will contain the name of the person who is sending the card; and three, the URL will reference a Hallmark website and not redirect you to a third-party site. Armed with this knowledge, many cases of e-card fraud can be avoided.
Another method of mitigation is to make sure that anti-virus and anti-spyware tools are up-to-date. On campus, your computer receives updated definitions that make these tools effective in most cases. But in other cases, such as mobile users or at-home systems, careful evaluation of the status may be necessary. If you are unsure how to check the status of your anti-virus and anti-spyware tools, please contact the ITS Help Desk (737-1482) for assistance.
The lesson to be learned from the recent e-card incident is that caution should always be applied when dealing with email from unknown or unexpected sources. This example took advantage of individuals wanting to open an e-card greeting. However, in the future, look for the clues mentioned above to assist you in spotting a fraudulent email. If unsure of the email, take a moment to ask a peer or contact the ITS Help Desk. Through the use of good judgment (as well as the delete key), you could be sparing yourself and the campus a great deal of frustration. If you have questions or comments, contact firstname.lastname@example.org.