When we analyzed spam data from the past few years, we observed that holiday seasons spirit up malware spam campaigns using e-cards, video player downloads or ActiveX download attacks. We have found that greeting card or e-card spam are the most common. Due to this reason spammers are employing this technique in other spam campaigns.
When analyzing spam messages from the Symantec Probe Network, we came across an interesting phishing attack where spammers are misrepresenting e-card services.
In this unique phishing attack, a URL for the animated e-card is provided in the message. When the user clicks on this link, an animated video is played in a flash player. Surprisingly, the personal message section is invaded by a typical phishing message.
The greeting card message is shown in the image below:
Subject: Acknowledgment of e-card.
URGENT ... [removed] Hello,
The card you selected has been sent to [Message Details Removed] on November 1, 2009
To see the card you sent click on the link:
Below example shows phishing message from personal message section:
CONFIRM YOUR USERNAME
Republic of Panama, October 29, 2009.
Dear Investors, Dear Investors, The Board decided to conduct an investigation of [removed] for all investors once a month. This research will generate an additional expense to the Administration, so we decided to charge each investor $ 1.00 (one U.S. dollar) each month for investigation of account. That is, one dollar will be debited from your account balance each month. If you're interested in this option for your safety Confirm Your Account by Clicking here Congratulations to all for the result achieved.
Clicking on the link provided in the message directs the user to a phishing site which monitors user’s banking credentials.
Sending e-cards is popular way of expressing emotions over the Internet. Users tend to open the e-cards without paying attention to the message body. We advise our users to be extra careful with e-card messages so their personal information is not jeopardized.
Special thanks to Paresh Joshi for contributed contents.