February 24, 2009
I just got this in my in-box. It looks legit enough – has the Hallmark logo and a nice invite to click on the link and view the “someone who cares about me” postcard they sent.
I was immediately suspicious for a few reasons – first it doesn’t have an email address of the person sending it to me. The legit ones always say either the email address or the name of the sender. Second, it looked too plain and not the usual stylings of Hallmark.
Sure enough, I checked the source code and it’s a Trojan attack. Had I clicked on the link to view the card, my computer would have installed a Trojan Horse to do whatever malicious intent it was meant to do.
Read more about it here. Whatever you do, don’t click on the link of anything in an email you receive unless you know the person. Here’s what the full email said:
Hello there. You’ve got a postcard from someone who cares for you.
In order to downoad your postcard, click on the link below:
http://www.hallmark.com/postcards/client72637541 (this did not link to the hallmark site, instead it was an EXE file that would have installed a trojan on my computer)
Thank you for using Hallmark services.
February 17, 2009
I just received another Phishing email supposedly coming from PayPal. The subject line reads: Important Information Regarding Your Account !
If you receive a similar email, delete it and forget about it – it’s a “phishing” attack where some nefarious character is trying to get you to divulge your personal information by clicking on the links provided. Please don’t! No legitimate company will ask you to do this – especially PayPal or a bank.
On this particular email, the “reply” email address is: firstname.lastname@example.org – which is definitely not PayPal!
December 20, 2008
Alert: If you receive an email from PayPal with the subject line: Update Your Information, do NOT click on the link – it is a phishing attack meant to steal your personal information.
(Quoting PayPal) What is Phishing?
Phishing is a form of fraud designed to steal your identity. It works by using false pretenses to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or Social Security numbers.
What do you do?
PayPal wants to know when these types of emails are being sent out. You can forward the offending email to: email@example.com and then delete the email. Do NOT click on any links within the email.
For more information and details on similar phishing attacks, read The Phishing Guide from the PayPal site.
Always be wary of ANY email that asks you to click a link and enter in personal information – even if it looks official, the odds are great that it is not legit. Be safe and ask your webmaster or go to the official website of the company the email is representing to find out if it is legit or not.