Thought we were done with ecards? Not yet! Just in from our detection center: a new blended threat with emails in Russian and English. The emails purport to be a postcard from a friend, sent from the popular postcard site postcard.ru, but actually link to a site that tries to download an .exe file to the user’s computer. The scam email links to a malware site, not to the legitimate postcard.ru. The malware site looks like a postcard, but with the added “bonus” of an automatic download:
I visited postcard.ru and sent myself a postcard from the site, just to see what their emails look like. Of course, if phishers can design their emails to appear as if they are coming from Chase Manhattan or Citibank, then malware writers can easily copy a text email message word for word. But still, it’s uncanny how much the two emails look alike. However, the easiest way to tell the two emails apart is to hover the mouse over the hyperlink in the email, so you can see that the malicious email is simply pretending to link to postcard.ru, and is really directing the recipient to a different site.
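The hover check described above can be automated for HTML mail by comparing the host a link displays with the host its `href` actually targets. This Python sketch is an added example, not part of the original post; the sample markup and the `.example` hostname are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(text):
    """Hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None  # ordinary link text such as "click here"
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return host.lower() if "." in host else None

def same_site(a, b):
    """True when the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAuditor(HTMLParser):
    """Collects (shown_host, actual_host) for links whose text names another site."""
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside that <a>
        self.mismatches = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = host_of("".join(self.text)), host_of(self.href)
            if shown and actual and not same_site(shown, actual):
                self.mismatches.append((shown, actual))
            self.href = None

def find_mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed samples: the .example host is a placeholder, not a real indicator.
SPOOFED = '<a href="http://cards.malware.example/postcard.exe">http://www.postcard.ru/</a>'
GENUINE = '<a href="http://www.postcard.ru/">www.postcard.ru</a>'

if __name__ == "__main__":
    for shown, actual in find_mismatched_links(SPOOFED):
        print(f"link text shows {shown} but href goes to {actual}")
```

Links whose visible text is not itself a URL or domain are skipped, so this check only catches the specific trick of displaying one address while pointing at another.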
The malware email:
The legitimate email from postcard.ru: