Home Archive Postcard From a Family Member Malware Email

Postcard From a Family Member Malware Email

by Brett M. Christensen

Outline:
Email purporting to be an eCard notification from a family member leads to a website that can download malware to the recipient’s computer.


Important note:
Information about the genuine threat discussed below should not be confused with a bogus email hoax that claims that an email with an attachment entitled “POSTCARD” will destroy the hard drive of the infected computer.

Example:
Subject: You’ve received a postcard from a family member!Good day.

Your family member has sent you an ecard from [Link Removed].

Send free ecards from [Link Removed] with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

——–
OPTION 1
——–
Click on the following Internet address or copy & paste it into your browser’s address box.

[Link Removed]

——–
OPTION 2
——–
Copy & paste the ecard number in the “View Your Card” box at
[Link Removed]

Your ecard number is
a885b5e6291c3de8293ec6968e3ca03

Best wishes,
Postmaster,
[Link Removed]
*If you would like to send someone an ecard, you can do so at
[Link Removed]



Detailed Analysis:
In late June 2007, many Internet users reported receiving eCard notifications like the one shown above. The emails claim that the recipient has been sent an eCard from a family member and instructs him or her to click a link in the message to view the card. However, the eCard is bogus and links in the message will lead to a website where malware may be clandestinely downloaded and installed on the recipient’s computer.

Varied website addresses are used in the fake eCards, but they generally have a “.hk” domain name.

Following links in the email opens a page that claims that the website is “currently testing a new browser feature” and asks the visitor to click another link, supposedly to view the eCard in its original format. Clicking this second link will download and install a number of malware components.

The eCard ruse is one that has been used a number of times in the past by malware distributors. They capitalize on the popularity of genuine eCard services that may send notification emails in a similar format. However, genuine eCards will normally include both the recipient’s and the sender’s names in the message.

Be very cautious of clicking on links in eCard notification messages, especially if they have generic references such as “a family member” or “a friend” and do not address you by name. In some cases, the scammers may disguise the real link in such messages so that it looks like it leads to a genuine and well-known eCard website. Therefore, it is always wise to check links in HTML emails before clicking.



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer