Useful information, interesting links, and much more.
You are visiting  
Please choose a

Use the menu to view your

Choose an article with these menus. To return to your last choices use your browser's BACK button.
Special Links
American Patriotism
Short Cut Menu
God Bless America
 
Home Page

Click Picks
Internet & Security
Loading

   • Enter search text below.
   • Press the "Search" button.
   • Click "X" to return here.

16. Important Notice = Phishing
Greeting cards can be troublesome if you are not careful.
Next Page
See also

The Greeting Card

In December 2006 we received a note from Postcard.Com advising that we have received a postcard. Since we had never heard of this outfit, and since we don't open such things anyway, we examined the message without opening it.

In Outlook Express, right clicking on a message and clicking Properties / Detail will reveal the "header" information about the message. Clicking on the "Message Source" button will bring up the text without opening the messsage for viewing. Let's examine the message to see what might be wrong. Our private information has been altered.

Return-path: <test@helios.cpe.ku.ac.th>
Envelope-to: <our address>
Delivery-date: Thu, 28 Dec 2006 16:40:49 -0500
Received: from mailinc01.yourhostingaccount.com ([10.1.13.1] helo=mailinc01.yourhostingaccount.com)
by mailscan34.yourhostingaccount.com with esmtp (Exim)
id 1H02zZ-0000xs-Gl
for <our address>; Thu, 28 Dec 2006 16:40:49 -0500
Received: from helios.cpe.ku.ac.th ([158.108.34.17])
by mailinc01.yourhostingaccount.com with esmtp (Exim)
id 1H02zY-0000JX-Se
for <our address>; Thu, 28 Dec 2006 16:40:49 -0500
Received: by helios.cpe.ku.ac.th (Postfix, from userid 694)
id 421E61A112C; Fri, 29 Dec 2006 04:40:35 +0700 (ICT)
To: <our address>
Subject: You have received a postcard !
From: postcard.com <postcard@postcard.com>
Content-Type: text/html
Message-Id: <20061228214035.421E61A112C@helios.cpe.ku.ac.th>
Date: Fri, 29 Dec 2006 04:40:35 +0700 (ICT)
X-EN-OrigSender: test@helios.cpe.ku.ac.th
X-EN-OrigIP: 158.108.34.17
X-EN-OrigHost: helios.cpe.ku.ac.th

There is not much unusual here. This message came to a legitimate mailbox so someone must have found our mail address.

There are no surprises here.

<strong>Hello friend !</strong><br>
You have just received a postcard from someone who cares about you!<br><br>
<strong>This is a part of the message:</strong><br>
&quot;Hy there! It has been a long time since I haven't heared about you!<br>
I've just found out about this service from Claire, a friend of mine who also told me that...&quot;<br>
<strong>If you'd like to see the rest of the message click <a
href="http://pingvinov.net/~alex/postcard.gif.exe">here</a> to receive
your
animated postcard! </strong><br><br>

<strong>===================</strong><br>
Thank you for using <span class="style1">www.yourpostcard.com</span> 's services !!!<br>
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !<br>
<strong>==================</strong>

This is the code from the letter. The text in <brackets> is a "tag", which usually ends with a similar code with a slash in </brackets>.

<strong> is bold face, <br> is a line break, and <a href=> denotes a link. Text between & and ; is a special character, i.e., &quote; is a quotation mark.

There are no hidden surprises in here, just text and some links, so this message would be safe to open, but please see below.

Hello friend !
You have just received a postcard from someone who cares about you!

This is a part of the message:
"Hy there! It has been a long time since I haven't heared about you!
I've just found out about this service from Claire, a friend of mine who also told me that..."
If you'd like to see the rest of the message click here to receive your animated postcard!

===================
Thank you for using www.yourpostcard.com 's services !!!
Please take this opportunity to let your friends hear about us by sending them a postcard from our collection !
==================

This is the text of the message as it might appear on screen. Hopefully the crude look and the bad spelling would deter you from going further.

The link has been made safe to click; it does nothing. But look at the address in the section above. Then please see below.

Note the name of the company: YourPostCard.Com.

click <a href="http://pingvinov.net/~alex/postcard.gif.exe">here</a>

Why is your postcard supposedly at pingvinov.net and who is Alex? The ~ may indicate this is Alex's shared space on a server.

postcard.gif.exe

Clicking on the link will run a program named Postcard in Alex's shared space on someone's server. If you are the curious type and click on the link, well, you DO know how to re-install Windows, don't you???

PS - We hope your data was backed up.

Gif files are pictures and could be animated. But note the .exe after the file name. Exe files are programs.

Windows would list this as a .Gif file but in reality it is a program that will run if you click on it.

 


 

Next Page
See also


03/19/06

   
www.Eagle-Wing.Net