Zyra TV //// Zyra UK //// Hallmark //// Antivirus Software //// Avoid a Virus //// Bogus e-Cards //// Site IndexHallmark

You have received A Hallmark E-Card. or have you? Is it a VIRUS?! I'll explain...


Firstly, HALLMARK is a real company. We get on well with them. They're a reputable company and I'm happy to have an affiliate page about them: See Hallmark. Now as Hallmark are a famous name in Greeting Cards and Gifts, you might not be surprised to find something arriving as a virtual greeting card or E-Card. However, beware! Although there are genuine e-cards by various companies, most are bogus.

Don't be fooled by the Hallmark real logo and proper links, as these are very easy to fake up. The following is an example of the legendary and notorious Hallmark E-Card VIRUS, but don't worry, because on this page this is a carefully prepared stuffed and mounted version which has been made safe.

Have a read through it, and then afterwards I'll explain what's wrong with it and how you can easily detect these monstrous scams for yourself, and thereby avoid getting your computer infected with a virus. After you've seen it, you'll see it is ridiculous...

Return-path: postmaster@hallmark.com
Delivery-date: Sat, 07 Feb 2009 04:50:13 +0000
Envelope-to: Circular [YOUR ADDRESS WOULD BE SUBSTITUTED HERE]
Received: from mail10.syd.optusnet.com.au ([211.29.132.191])
by golf.xcalibre.co.uk with esmtp (Exim 4.63)
(envelope-from <postmaster@hallmark.com>)
id 1LVf8u-0006eT-Ov
for circular newsletter; Sat, 07 Feb 2009 04:50:13 +0000
Received: from User (ip-250-84.static.darkstarx.net [203.153.250.84] (may be forged))
(authenticated sender pwoldfield@optusnet.com.au)
by mail10.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n174iv3W008606;
Sat, 7 Feb 2009 15:45:02 +1100
Message-Id: 200902070445.n174iv3W008606@mail10.syd.optusnet.com.au
From: "hallmark.com" <postmaster@hallmark.com>
Subject: You have recieved a Hallmark E-Card.
Date: Sat, 7 Feb 2009 05:45:21 +0100
X-Antivirus: AVG for E-mail 7.5.552 [270.10.18/1936]

Hallmark.comShop OnlineHallmark MagazineE-Cards & MoreAt Gold Crown
      You have recieved A Hallmark E-Card.
 
  Hello!

You have recieved a Hallmark E-Card.

To see it, click
here,

There's something special about that E-Card feeling. We invite you to make a friend's day and
send one.

Hope to see you soon,
Your friends at Hallmark

Your privacy is our priority. Click the "Privacy and Security" link at the bottom of this E-mail to view our policy.
 
 

Hallmark.com | Privacy & Security | Customer Service | Store Locator

No virus found in this incoming message.
Checked by AVG.
Version: 7.5.552 / Virus Database: 270.10.18/1936 - Release Date: 2009/02/05 11:34

OK, now let's start at the beginning. You should have been alerted to the fact there was something wrong by the bad spelling. HallmarkHallmark, being a company of some considerable repute, would know how to spell "received", and would not say "recieved" making the elementary mistake with the rule "i before e except after c, where the sound is ee".

The use of genuine Hallmark trade-dress with their coffee and cream colour scheme and actual images remote-served from the official Hallmark site says nothing TrustEabout the genuineness of the message. In fact, Hallmark could (if they were so minded), kibosh these things by swapping the banners around to say "this is a hoax", as seen at the eBay Hoax. A similar thing happened to do with a scam where hoaxers impersonated the EFCC Nigeria

Note that in the Hallmark message, there is nothing to say who is alleged to have sent the E-Card. My advice is: If you receive something which you think might be a real E-Card, you should contact the sender and get them to confirm they have sent it. What I mean is, you should contact them by telephone or by independent e-mail that has nothing to do with the E-Card itself. Your friend will either confirm that they sent it to you, or they'll show no knowledge of it, in which case you KNOW it's bogus!

Either way, don't click on the link until you know who sent it.

Now let's look at the links:

Although the ones in the top banners and the bottom links go to proper places, for example http://www.hallmark.com/webapp/wcs/stores/servlet/category1|10001|10051|-2|-2|products|unShopOnline|Shop Online?lid=unShopOnline , and the images are genuine, for example http://www.hallmark.com/wcsstore/HallmarkStore/images/globalNav/gnav_logo.gif , and even the "Send One" link to

http://www.hallmark.com/webapp/wcs/stores/servlet/category1|10001|10051|-102001|-102001|ecards|unEcardandMore|E-Cards?lid=unEcardandMore appears genuine. However, the link by which you are supposed to be fooled into linking to receive your e-card goes to: http;// members.mywave.at/m206111aa/ cms/ modules/ postcard.exe , which is firstly NOT HALLMARK, and secondarily, if you know how to read a web address, you can see it goes to a subdomain at mywave.at which at a guess is a free webhosting where anyone can set up a site and there's no telling if any of the users set up scam sites. Most telling, and critically important about the link, is that it ends with a filename postcard.exe which shows it is an EXECUTABLE. You should not run executable files on your computer unless you are absolutely sure they are genuine. Executables include filenames ending in .exe , .scr , .bat , .com , and a few other items which you can class as dangerous. There's more about this on the page about how to avoid a virus!

Incidentally, in this carefully stuffed version I have replaced the banners and links with ones that work within this site, so as to avoid other problems. Such is the nature of e-mail taxidermy that the completed beastie on show should be safe!

So, to sum it up: The Hallmark "You have received A Hallmark E-Card" message is false, and if you are duped into following the link to receive the e-card, you could have got a virus in your computer. Don't despair, though; it can probably be removed by some antivirus software. Also, you can avoid being fooled again, by knowing a few things about how to avoid a virus, which is the online equivalent of basic road safety. Also see how to read a web address which should help.

In case you're wondering why AVG anti-virus says "No virus found in this incoming message", that's because the virus isn't actually in the message but is at the end of that link which the scamsters are hoping you'll follow.

That should, by reasonable reckoning, have been the end of the story. Sadly, though, it wasn't. Someone started a CHAIN LETTER about the virus, and it has caused widespread overreaction. Chain letters are a nuisance, and they waste a lot of time and resources, as well as being a means of spreading fear and disinformation. This happened during a period in history when counter-terrorism presented a bigger threat than terrorism. Panic and overreaction, and political misuse of ideas and fears to oppress people, presented a bigger threat to people and their personal freedom than any terrorist campaign could ever have hoped to cause. But leaving aside the world news in which governments are the enemy, not terrorists, let's get back to the question of the Hallmark Virus Chainletter, which, like this message about the Hallmark E-Card virus, has been carefully stuffed so you can eye it up.

Meanwhile, if you'd like to visit the real Hallmark, it should be linked from a dedicated page here: Hallmark

Or, have a look at the panic at the Hallmark Virus Chainletter