Lou Tisch
Well-known member
I received a "hallmark.com" E-Card the other day. Fortunanely I didn't click on the "get card" button. One thing that cued me in was the word "received" was spelled wrong in the message..."you've recieved an e-card from a friend".
I emailed hallmark from their website and this is the response I received.
Lou
forewarned is forearmed.
============
Response (Support Agent) - 04/14/2009 11:33 AM
Thank you for contacting Hallmark.
The email you have received was not sent by Hallmark.com or a person using Hallmark.com.
Hallmark is one of several greeting card companies being targeted via fraudulent e-mails
that are flooding the Internet. These e-mails claim to have a link to an E-Card from a
family member, friend or neighbor. Clicking on the link downloads a virus onto your
computer that compromises personal data.
Here's what you should do:
--Delete the e-mail without opening it.
--If you have opened it and want to forward it to us, send it to abuse@hallmark.com. Due
to the large amount of e-mail we receive at that address we will not be able to reply to
your e-mail, but we will investigate. Then delete the e-mail from both your in-box and
your sent folder. If you click on the link in the bogus e-mail, you will launch a Trojan
virus. This virus installs an Internet Relay (IRC) chat client and causes the infected
computer to connect to an IRC channel. Attackers then use that connection to remotely
command your machine for the purpose of gathering your personal information. An example
of this virus is the Zapchast virus.
--If you use Windows XP and Internet Explorer you should visit update.microsoft.com to
update your browser and operating system. Then you will be less likely to be affected by
the virus.
--Report suspicious e-mail to your e-mail service provider so they can take action.
--File a complaint at http://www.ic3.gov/.
If you are unsure if you've received a legitimate Hallmark E-Card, don't click on a link
in the e-mail. Instead locate the EG number in the e-mail and use our E-Card pickup.
What Hallmark is doing:
--Contacting the Internet providers identified as the source of the spam requesting that
they shut down the imposters.
--Working with Microsoft to include the virus code in their phishing filter to protect
consumers who use their web browser and e-mail client software.
--Working with anti-virus software corporations to get the virus code added to virus
definition updates.
--Reviewing Hallmark's E-Card notification and pickup procedures.
--Educating consumers about how to avoid E-Card abuse.
How to tell if a Hallmark E-Card notification is real:
--Hallmark e-card e-mails do not include any attachments. To be safe, if you receive an
e-card notification with an attachment delete it immediately then empty your
"trash" or "deleted e-mails" from your email client.
--A legitimate Hallmark e-mail notification will come from the sender's e-mail address,
not Hallmark.com.
--The sender's first name and last name will appear in the subject line. If you do not
recognize the name of the person sending the E-Card, do not click on any links in the
e-mail. Delete the e-mail.
--The notification will include a link to the E-Card on Hallmark.com as well as a URL
that can be pasted into a browser.
--The URL will begin with http://hallmark.com/ followed by characters that identify the
individual E-Card.
--Hallmark E-Cards are not downloaded and they are not .exe files.
--In addition, Hallmark.com will never require an E-Card recipient to enter a user name
or password nor any other personal information to retrieve an E-Card.
I emailed hallmark from their website and this is the response I received.
Lou
forewarned is forearmed.
============
Response (Support Agent) - 04/14/2009 11:33 AM
Thank you for contacting Hallmark.
The email you have received was not sent by Hallmark.com or a person using Hallmark.com.
Hallmark is one of several greeting card companies being targeted via fraudulent e-mails
that are flooding the Internet. These e-mails claim to have a link to an E-Card from a
family member, friend or neighbor. Clicking on the link downloads a virus onto your
computer that compromises personal data.
Here's what you should do:
--Delete the e-mail without opening it.
--If you have opened it and want to forward it to us, send it to abuse@hallmark.com. Due
to the large amount of e-mail we receive at that address we will not be able to reply to
your e-mail, but we will investigate. Then delete the e-mail from both your in-box and
your sent folder. If you click on the link in the bogus e-mail, you will launch a Trojan
virus. This virus installs an Internet Relay (IRC) chat client and causes the infected
computer to connect to an IRC channel. Attackers then use that connection to remotely
command your machine for the purpose of gathering your personal information. An example
of this virus is the Zapchast virus.
--If you use Windows XP and Internet Explorer you should visit update.microsoft.com to
update your browser and operating system. Then you will be less likely to be affected by
the virus.
--Report suspicious e-mail to your e-mail service provider so they can take action.
--File a complaint at http://www.ic3.gov/.
If you are unsure if you've received a legitimate Hallmark E-Card, don't click on a link
in the e-mail. Instead locate the EG number in the e-mail and use our E-Card pickup.
What Hallmark is doing:
--Contacting the Internet providers identified as the source of the spam requesting that
they shut down the imposters.
--Working with Microsoft to include the virus code in their phishing filter to protect
consumers who use their web browser and e-mail client software.
--Working with anti-virus software corporations to get the virus code added to virus
definition updates.
--Reviewing Hallmark's E-Card notification and pickup procedures.
--Educating consumers about how to avoid E-Card abuse.
How to tell if a Hallmark E-Card notification is real:
--Hallmark e-card e-mails do not include any attachments. To be safe, if you receive an
e-card notification with an attachment delete it immediately then empty your
"trash" or "deleted e-mails" from your email client.
--A legitimate Hallmark e-mail notification will come from the sender's e-mail address,
not Hallmark.com.
--The sender's first name and last name will appear in the subject line. If you do not
recognize the name of the person sending the E-Card, do not click on any links in the
e-mail. Delete the e-mail.
--The notification will include a link to the E-Card on Hallmark.com as well as a URL
that can be pasted into a browser.
--The URL will begin with http://hallmark.com/ followed by characters that identify the
individual E-Card.
--Hallmark E-Cards are not downloaded and they are not .exe files.
--In addition, Hallmark.com will never require an E-Card recipient to enter a user name
or password nor any other personal information to retrieve an E-Card.
