From the Kenosha News on 12-16-07

Watch out for a new greeting card scam over the holidays

      It’s a festive time of year, and you may be sending and receiving electronic greeting cards.  The spammers are sending them, too.  This column will teach you how to tell which ones are real and which aren’t.

      I received one that looks quite genuine at first blush.  It comes from ecards@yahoo.americangreetings.com, has a subject of “Nixn has sent you an ecard from Yahoo! Greetings,” and contains:

“Rolando has sent you an ecard.  
To view your ecard, click on the following link:
http://www.yahoo.americangreetings.com/view.pd?i=232907032&m=8133&rr=y&source=dldkl304
Please do not reply to this email.  To help resolve your issue or question, go to:
http://www.yahoo.americangreetings.com/emailus.pd?source=mdup334
We have an extensive help center that may answer your questions, or you can choose to email us from there.
To read about email protection, type http://www.yahoo.americangreetings.com/emailprotection into your web browser.
Thank you!
Your friends at Yahoo! Greetings”

      The first clue that it’s a scam or at least just innocent spam is that I don’t know anyone named Rolando or Nixn.  However, even if the name were familiar to me (like Judy, Lori, etc.), there are two tests I can do to determine if I’m really getting an e-card or if this is dangerous stuff.

  1. First, I float the mouse pointer over the link to the alleged e-card.  This is the first link in the e-mail.  If it were legitimate, it would point to an address shown:  www.yahoo.americangreetings.com.  When I float over the link, the REAL address is shown in the lower left of my browser window.  It is actually www.yahoo.americangreetings.com.ksetpon.com, which is NOT the same. (In fact, it doesn’t point to a Yahoo or an American Greetings server.  Further research shows that the ksetpon.com domain points to five different IP numbers, one of which appears to be at U. Penn and another in Maryland on a Comcast network.)  This is the most reliable way to know a genuine e-mail from a scam or virus.
  2. Show the “complete headers” of the message.  There’s usually a button or icon in your e-mail program for this.  Usually I look for technical information about where the message is really from.  In this case, there isn’t an obvious address other than ecards@yahoo.americangreetings.com.  However, another red flag appears: there are several addresses in the bcc field, none of which I recognize.  If the sender sent an e-card to at least 8 people I don’t know, then it’s certainly of no personal interest to me. 

      So what is the risk of these messages?  I figure that someone must know, so I did a Google search for “Yahoo American Greetings spam.”  The second link listed goes to an article on securitypronews.com that states the link will prompt your to download a new Flash player, but “instead of the latest version of Flash, the download brings in a malicious file. F-Secure said the payload infects the machine, collects information from it, and sends the details along to the malware's author.”  This is something you don’t want to happen to you.

      Note that yahoo.americangreetings.com is a bona fide site that you can use to send e-cards to your friends and family.

by Carol Sabbar from the Kenosha News on 12-16-07