According to a new article in PC Magazine, cyber criminals are now starting to exploit e-greeting card sites in an attempt to steal confidential information.
In 2007, nearly 1/3 of infected e-mail messages contained a phishing scam, while 7 percent of such e-mail messages masqueraded as an electronic greeting card and directed the target to a malicious site.
Here’s how it works: Hackers place a malicious hyperlink in the e-mail greeting, which first sends the user’s web browser to an exploit server that checks to see if the user’s machine has the most up-to-date security patches.
If it’s unpatched, the server silently force-downloads a rootkit and a keylogger onto the user’s computer before redirecting the web browser to an authentic Yahoo greetings card.
On the user-facing end, the victim clicks the link to view the card. However, the card does not let them know who sent it. The victim closes the card and goes about his business without realizing arootkit was delivered to his PC before he even picked up the card.
How do you avoid this from happening to you? First, never open emails from unknown sources. Second, make sure your PC/Servers always have the most up-to-date security patches. And finally, always maintain an active, up-to-date anti-virus software.