E-Greeting Card Spam: What Is It?

Jodi · August 14, 2007, 8:55pm

Many, many thanks to my unnamed Friends and unnamed Neighbors and unnamed Coworkers who are sending me so, so many e-cards from unknown e-mail accounts! It’s so very nice to know you are thinking of me and that you love me.

Yet I fear your love is impure. I suspect, lowyam @ bullshitaddy . com, that if I actually clicked on the link you invite me to, that I would view something not worth my time, and that you might perhaps do something nasty to my computer. So alas, I must continue to use my metaphorical tongs to transfer your loving message from my inbox to my trash.

Dopers, if I was such a fool as to click the link, what’s the payoff or punishment? Would I just see yet anothe invitation to purchase Viagra or extend the penis they assume I have? Or would I find I had uploaded malware/spyware of some kind? What, exactly, are these e-cards supposed to accomplish? And incidentally, why doesn’t my spam filter pick them up?

Earl_Snake-Hips_Tucker · August 14, 2007, 8:57pm

Hopefully, if you did it at work, your firewall would stop it dead in its tracks as “malware.” That’s what mine did.

Yeah, I was such a fool. But a curious fool.

Arnold_Winkelried · August 14, 2007, 9:40pm

Washington Post on the subject:

http://www.washingtonpost.com/wp-dyn/content/article/2007/07/20/AR2007072002116.html

Sunspace · August 15, 2007, 2:08am

If you go to the address they give, the website tries to download a Windows executable file to your computer. I’m using a Mac, so that’s gonna go nowhere.

Sleel · August 15, 2007, 8:01am

It’s also a tactic spammers use to get people to confirm their email address. They send a link with a unique ID embedded in the URL, and if you click on it, presto they think “Hey, this address is live, let’s send more spam, and let’s sell it to other spammers as a confirmed good address.”

My <expletive deleted> aunt (bless her heart) used to send me glurgy e-cards. Gee, what do you know, the address she knew was infested with spam several times, spiking soon after I got an e-card from her. I never clicked on the links and the filters caught most of the crap, so it was never more than a nuisance. It was annoying enough that after the first couple times I stopped being very diplomatic about telling her to never enter any of my email addresses into a web site. I did take the time to tell her why, too, and that made enough of an impression that I haven’t had a repeat of the problem. At least from her. <sigh>

Kat · August 15, 2007, 11:02pm

Ha! I got an e-card from a Worshipper! Unnamed, of course, because my Worshippers know that they are unworthy of being noticed by me, lest they incur my wrath.

Duck_Duck_Goose · August 16, 2007, 2:09am

Uh huh. I got one this afternoon. The address was netfuncards.com <degtn @ telcel.net.ve> and it said:

Needless to say, I did not click on the link. I tried the IP number alone, and it consistently timed out, and it did not take me to netfuncards.com . So I went to http://www.netfuncards.com/ , and found a warning on their home page, prominently displayed in a big red box, against clicking on just such a link. It said that all of their e-cards come from the address netfuncards.com, that if a purported e-card does not come from that addy, then it’s not one of theirs, that they store all their e-cards on their own server, and that clicking on the link would install a virus.

Joe_Mahma · August 16, 2007, 2:14pm

I did a reverse DNS search on the message, and it was a DNS in Rumania. Probably not a greeting card site. I get a dozen of these things a day.

susan · August 16, 2007, 3:00pm

As for me, I deleted several eCards from my Cousin today. “Zulfikar Ramzan” is the name of my next band or cat, whichever comes first.

Jophiel · August 16, 2007, 3:12pm

I clicked one of these once and it began downloading some sort of nasty or another. I immediately realized what was happening and, luckily, I was on a 56k at the time so I just pulled the phone line out before it could download much of anything.

I don’t remember why I clicked on it – usually I’m very careful about such things and it had a painfully obvious address starting with an IP number. I think I was frustrated about other unrelated issues and just wasn’t thinking.

whitetho · August 16, 2007, 10:23pm

I got my first Worshipper notice today. Perhaps we should join forces and form a cult, so as to not disappoint our admirers…

El_Kabong · August 17, 2007, 2:23am

Hunh, I’ve gotten a couple of those in the past three days. Pretty clumsy. The first one said (exact quote) “daughter has sent you E-card from …(name of legit E-card site)”, followed by a numeric IP address. A Whois search turned up the address as being registered by Hananet, a Korean outfit. I sent their info@ account a query concerning the address in question, but it bounced.

I often wonder, given the various message formats and locations these are sent from, is it one person or small group doing them all, or is there some sort of spammer’s network where one person suggests a possible strategy and everyone else decides to give it a whirl?

Tastes_of_Chocolate · August 17, 2007, 3:58pm

I ran into a warning about this about a month ago. Clinking the links ends up with you being infected with a trojan called Storm. Storm creates a backdoor for the hackers, who, last I read, seem to be using the machines they infect to email others.

Google Storm + trojan + card and you get lots of stories on it.

Wee_Bairn · August 17, 2007, 5:47pm

What I don’t get it is that they are so stupid to use “Friend” or “coworker”- wouldn’t “Mom” or “Dad” make one more inclined to open the damned thing?

ryobserver · August 17, 2007, 11:32pm

I’ve been getting those for weeks now, mostly at work. Friends, “school mates”, worshippers, colleagues, relatives, all sending me greeting cards, or so I’m told. The first several I got all came from Hong Kong, and I don’t know anyone in Hong Kong, which was kind of a tip-off.

Also, I’m basically a loner, few of my relatives know an e-card from a hole in the wall (certainly my mother doesn’t!), I very much doubt any of my school mates are trying to get in touch with me after all this time, and any “worshipper” of me is heading for a severe crisis of faith, especially if they send me junk e-mail. So for me this is just mildly amusing, like all the e-mails promising me a bigger and/or harder penis, when I don’t have a penis to begin with.

Will_Repair · August 18, 2007, 9:21am

Couldn’t you confirm an email address by sending HTML mail with, let’s say, a link to a graphic on a web site

(html)
(body)
Congrates, you have a (img href=“spam.spm”)

and then watch the stats for spam.spm?

Sleel · August 19, 2007, 2:35am

You can. A lot of spam does just that. I have both my web mail and mail client configured to not load any images. If you have image display enabled, your email client or service will helpfully load the graphic, which, depending on how the mail is configured, might pull the image from an external website rather than from an attachment. Obviously, that’s not good. From a security standpoint you should disable image loading in email.