Alex Zaharov-Reutt
Thursday, 27 November 2008 06:21
Opinion and Analysis
Page 1 of 2
E-eek! That nice Christmas e-card could be an e-threat, says AVG, and
while the danger of e-cards is theoretically well known, the e-conomic
crisis (and e-co climate concerns) is forcing some to consider sending
e-cards instead of the real thing. As this means some e-cards you
receive could be real, amongst plenty of fakes, caution is re-quired!
Social engineering tricks have seen e-cards being hijacked by online criminals as a way to infect millions with spyware, crimeware, botnets and other e-nasties, with many now treating all e-cards with suspicion.
However, as the threat of dodgy e-cards has waned due to e-cards not recently being used by those nefariously nasty online criminals, the rapid approach of the Christmas and festive season could see some drop their guard and open an e-card that appears to come from a friend or colleague.
That’s the finding of global Internet security firm AVG Technologies, who “found that almost three quarters (74 per cent) of the people it polled said they would automatically open an e-card if it were from a friend or colleague.”
As AVG ominously warns, you must “pick the e-cards you read very carefully” – and while AVG mentions that e-cards may be being sent as a way to save money and be eco-friendly, who knows if those clever online criminals will actually have the brains to frame their e-card messages with an eco-friendly message.
Perhaps something like: “I’ve decided to send you an e-card to cut down on the massive carbon emissions of posting a physical card, so please accept this beautiful e-card in place of a dead tree and wasted oil”. Or some such.
Lloyd Borrett, Marketing Manager of AVG (AU/NZ) said: “Criminals are using this growing medium to deliver viruses and other security threats to the computers of their unsuspecting victims. Because risky e-cards are typically made to look as though they have been sent from a trusted party, usually a friend or relative, they fool the recipient into opening them.”
It is social engineering, after all. Like the TV show said, “you are the weakest link”, and that’s what social engineering targets. You.
AVG says that another three letter organisation, the FBI, has issued formal warnings over the risk of e-cards, because the FBI itself was targeted after fraudulent emails were sent in the name of the FBI’s Deputy Director.
Why do online criminals send out spams and e-cards and other email threats? And what can you do to protect yourself?
The answer is on page 2... please read on.
