Greeting card scams are all the rage. It’s a big part of how the Storm worm got so many happy participants.
In response to scams using American Greetings’ style emails, the company has changed their format.
Now, I’m glad to see something’s happening here, and it’s a start. But here are some points to consider.
Sender’s personal information is in the subject line
Ex. “John Smith has sent you an ecard from AmericanGreetings.com”
Ok. But since these spams are coming from infected machines, well, that’s easy to spoof.
“ecards@americangreetings.com” is the actual “from” email address with “Ecard from AmericanGreetings.com”as the “from” display name.
Please. That’s so trivial to spoof, it’s a joke. That’s not even a security recommendation. That’s just a dangerous piece of advice.
Sender’s name and email address are included in the body of the email
Right, but again, these are sent from infected machines and can simply use the address book of the infected user. (It’s true that this would only apply to the names that the sender had in their address book, not in other email addresses the infected system/spam zombie might be ordered to send to. But nevertheless, people seem to click on “a friend sent you a greeting card” anyway, regardless if it’s from someone they know or not: Just witness the Storm worm’s ubiquity.)
American Greetings’ changes will help a wee bit, and I am glad they’re doing at least this. But it’s going to take a lot more to fix this problem.
Alex Eckelberry