Egreetings.com's first priority is always you, our customer, which involves providing you with information on
how to protect yourself from the recent ecard email scam impacting our industry. As you may have heard,
fraudulent emails are currently being sent that portray themselves as messages from legitimate companies but
contain malicious links. Vulnerable computers may be compromised when recipients click on these links.
The good news is that there are quick and easy ways to protect yourself from these fraudulent emails. First, you can choose not to click on any links within an email if you have any suspicion that the ecard email you received is fake. Instead, users can always go directly to the official website URL of the stated ecard provider (e.g., www.egreetings.com) to safely pick up and view the ecard sent to them. This requires no clicking on suspicious email links.
In addition, we have made some significant updates in order to make legitimate ecards easier to detect and view. Please read below for more information on our recent changes.
What's new?
- We have made it easier to find the ecard pickup area on our site, so you can quickly and safely view your greeting without clicking on any email links. On Egreetings.com, it is now located in the left-hand area of the homepage (www.egreetings.com)
- We have created this informational portal to help you navigate through your issues and questions related to email security. Stay tuned for future updates!
More about the recent phishing attack
A wide variety of websites and brands have been affected. While the subject line of the malicious ecard email tends to be generic, such as "You've received an ecard from a class-mate!" or "You've received a postcard from a family member," more recent examples include brand-specific messaging such as "Worshipper sent you a postcard from egreetings.com." Also, the pickup link within a malicious ecard email is most likely always an IP address, such as 127.0.0.1, which is much different than the typically used pickup link from a legitimate ecard sender that starts off with the host name (e.g., "www.egreetings,com) and not a series of numbers.. As of August 23rd, we have started observing fake emails where the link shows a host name (e.g., http://egreetings.com) but the actual link goes to an IP address instead of egreetings.com. To see if there is an IP address associated with the link, hover over it with your cursor. If you see a URL when hovering over the link that has a series of numbers, such as http://89.678.999.12, it is not a legitimate link and you should not click on it.
Update as of October 29, 2007
A particular email attacking Egreetings has been indentified as of October 29, 2007. Here are some indicators:
- It references a flash executable. We will never send you an executable (exe) file and ask you to click on it and download.
- When hovering your mouse over the pickup link it shows something other than www.egreetings.com. Make sure you check all links within an email before clicking on one. Any inconsistencies will indicate that the email is fake.
- No personalization in the subject line or body of the email. If you do not recognize the sender of the email, either because the name is not indicated or you are unsure that you really know the individual, do not click on links within the email.
What people should do when they receive an ecard email claiming to be from Egreetings.com:
- First and foremost, if there is any suspicion that you have received a fraudulent ecard email, do not click on any link.
- If you have any doubt who the email is from, manually type in www.egreetings.com after the http:\\ found in your Internet browser.
- Then find the ecard pickup link (ours is found in the left-hand area of our homepage: www.egreetings.com) to safely view your ecard.
How to tell the difference between good emails and bad emails
At a quick glance after reviewing the table below, you will be able to tell the difference between legitimate ecard email notifications and emails not from us. However, we still recommend that you manually type in www.egreetings.com after the http:\\ found in your Internet browser to view your ecard to ensure complete safety.
| Egreetings.com ECard Emails | Fake Ecard Emails | |
|---|---|---|
| Subject Line | (Sender's name) has sent you an ecard from Egreetings.com
[Reminders to pickup your ecard will have the following subject lines:
|
Subject line varies.
Examples include:
|
| "From" | Ecard from Egreetings.com [ecards@egreetings.com] | "From" varies.
Examples include:
|
| Email Message | The sender's name and email address is always in the body of the email. You should personally recognize this individual before engaging further in the email. | May or may not include random individual's name and email address. |
| Links in Email | ECard pickup link will always have egreetings.com as the start of the URL. In addition, we will never send you an EXE file. If your email contains a clickable URL that is an EXE file, do not click on it. | ECard pickup link does not start with www.egreetings.com, but instead shows a series of numbers (commonly referred to as an "IP Address"). Sometimes the IP address is hidden and can only be seen by hovering your cursor over the link or right-clicking on the link to view Properties. May or may not include a clickable URL that is an EXE file. |
Example of a legitimate Egreetings.com email
(Note: we also have pickup reminder emails sent to the recipient at a future date that may have different copy, but same general attributes as outlined above).
From: Ecard from Egreetings [mailto:ecards@egreetings.com]
Sent: Wednesday, August 01, 2007 11:50 AM
To: Jane Smith
Subject: John Smith has sent you an ecard from Egreetings.com
John Smith (jsmith@abcd.com) has sent you an ecard.
To view your ecard, choose from the options below.
For your security, if you'd prefer not to click on links within this email:
- Type http://www.egreetings.com/?source=eg999&rr=y into your web browser.
- Locate the ecard pickup box in the left-hand area of the page.
- Enter the following code --> 1234567890
Please do not reply to this email. To help resolve your issue or question, go to: http://www.egreetings.com/customer/emailus.pd?source=eg999 We have an extensive help center that may answer your questions, or you can choose to email us from there.
If you would like to read about email protection, type http://www.egreetings.com/emailprotection into your web browser.
Your friends at Egreetings.com
Example of an email NOT from Egreetings.com
From: <abcdefg@abc.com>
To: jsmith@hotmail.com
Subject: birthday e-card
Date: Fri, 17 Aug 2007 03:37:48 -0700
Good day.
Your Neighbour has sent you birthday e-card from egreetings.com.
Click on your birthday e-card link below:
http://72.177.114.7/
Copyright © 1991-2007 egreetings.com All Rights Reserved
What you can do to protect yourself from fraudulent ecard emails moving forward
If you feel that you have received a fraudulent ecard email claiming to be from Egreetings.com, please submit your example to security@egreetings.com to help in our investigations. Due to the magnitude of email to this inbox, you will not receive a response; however, you can be assured that your submission will help us continue to fight spam and phishing.
You can also file a complaint at the Internet Crime Complaint Center of the FBI.
Some additional recommendations to further protect you:
- Make sure to always use the latest version of your Internet browser, as they will check for potentially fraudulent websites when browsing the web.
- Save our known address to your safe senders list so that legitimate ecard messages are ensured to be delivered. This does not ensure that ecard scams do not get into your inbox, however.
- Please continue to be mindful of the above characteristics of our ecard emails versus the malicious emails and report any findings to security@egreetings.com.