E-card Scams

Broadcast on NBC

MATT LAUER, co-host:

It can be a nice surprise. You take a look at your email
and there it is: an electronic greeting card. These
e-cards, as they’re called, are nothing new.
Unfortunately, neither are the scams that can go along with
them. (Clips from e-cards shown throughout segment)

Although seemingly innocent, this party animal or talking
bird may just be a decoy. Hackers and spammers are sending
altered electronic cards from senders identified as, quote,
"an old classmate" or, quote, "secret admirer" to lure
unsuspecting victims.

When users click on the link provided, they may get their
greeting, but what they’re also getting is a virus, tearing
through the guts of their computer, stealing their
identity, money or both.

Symantec Corporation, makers of the popular Norton
AntiVirus software, says these scams are on the rise.

Mr. ROWAN TROLLOPE (Symantec Corporation): In July alone
of this year, we’ve seen over 250 million fake greeting
card scams being sent out to consumers.

LAUER: And yet according to a recent Consumer Reports
poll, plenty of online users are leaving themselves wide
open for attack.

Mr. PAUL REYNOLDS (Consumer Reports): Your chances of
becoming a victim of one of these online threats at least
is still one in four, and the total damage we estimate is
about $7 billion a year.

LAUER: According to their findings, 1.8 million households
have replaced their home computers in the last two years
due to virus infections.

Jim Stickley is a cybercrime expert with TraceSecurity and
showed us just how easy this scam is.

Mr. JIM STICKLEY (TraceSecurity): I received a card from a
reputable card company and basically I sent it to myself.
So what I’m going to do now is take this e-card, modify it,
and I’m going to resend it out to other people.

It’s going to look very legitimate because it’s actually
their email. I mean, all I’m doing is changing it up. You
always strip out anything that’s real as far as their name,
anything that’s actually tying specifically to a person.

LAUER: Once the card is created, Jim adds his own hidden
link to a virus.

Mr. STICKLEY: And then it says to use this product you
need to install free software, and that software in turn is
going to do malicious things on your computer.

LAUER: Financial institutions like banks and credit unions
are likely targets.

Mr. STICKLEY: So I just sent this out about a minute and a
half, two minutes ago. This is to an employee of a credit
union in the Midwest. Oh, look, I already got somebody.

We already nailed them. We have success that quick. And
there it is right there. There’s the contents of the hard
drive. I could see if they have anything that they store
on their systems. It shows me that I--you know, who the
employee is, and it shows me the IP address of their
network, which means I now have access to log in to all
their customers’ accounts.

So I could get Social Security numbers, account numbers.
If I’m having this much success when I’m going after
corporations, you know, imagine how easy it is to go after
a home user.

LAUER: Jim Stickley, good morning.

Mr. STICKLEY: Good morning.

LAUER: You’re a little too good at this, you know.
It’s--it’s weird, I was watching that and I was reading the
information last night. I’ve gotten a lot of these
e-cards. I’ve opened some of them. Does that mean I’m
automatically infected with a virus?

Mr. STICKLEY: No, it doesn’t mean you’re automatically.
It depends on if it was legitimate or not.

LAUER: You--they--they play on your ego.

Mr. STICKLEY: Absolutely.

LAUER: We all want to be invited to parties. We all want
to know that we have a secret admirer. That’s how they get
you to open these things up.

Mr. STICKLEY: Yeah. I use the secret admirer almost
always and that works so well. Because you get that and
you’re, like, ‘Woo, someone likes me.’

LAUER: You got a random employee of one of your client
companies to respond to one of those. Did a lot of other
people respond during your--your little experiment there?

Mr. STICKLEY: Yeah, we sent out 15 and we got 11 back.

LAUER: That’s a pretty good--that’s a pretty good
response.

Mr. STICKLEY: Huge.

LAUER: So does this mean that the average consumer out
there, or computer user, should just absolutely avoid these
e-cards altogether? I mean, that would put an end to this
whole system.

Mr. STICKLEY: Yeah. You know, I mean, that would be one
solution, but I don’t recommend that. I think you can
watch for things.

When you get an e-mail, watch and see is it to your name,
is your name somewhere, like "Dear Jim"? Is it from
somebody you know, not just "secret admirer" but somebody
you actually know? And then is it going to a reputable
company? If it’s going to, like, hallmark.com, Hallmark’s
pretty reputable; you should be fine.

LAUER: How--however, sometimes, as you said, they--they
make it look like it’s going to a reputable company. Is
there anything that the companies themselves can do to
prevent their greeting cards from being turned into scams?

Mr. STICKLEY: Not so far. I mean, it’s pretty hard.
They’re the victim, as well. I mean, basically, someone is
just pretending to be them, and it’s very difficult to stop
somebody from doing that.

LAUER: Let’s go over advice, because it’s most important
in these segments to try and give people information they
can use. You say do not open an e-card from an address you
do not recognize.

Be wary of cards that look generic or don’t contain your
name, which you just talked about. Don’t install software
unless you know the source. That’s an important one.

Mr. STICKLEY: So important, so important. I mean, once
you’re installing something, you’re basically giving that
application full access to your system. So unless you’re
absolutely certain that that--whatever that software is, is
legitimate, don’t do it.

LAUER: And keep your antivirus software up to date. You
often get notices that say there’s an update for that.
Take the update.

Mr. STICKLEY: Always, always. I mean, immediately, the
minute there’s something available, do it.

LAUER: Holiday time a real bad time for this sort of scam?

Mr. STICKLEY: Real bad. Mother’s Day, Father’s Day,
Christmas, Halloween--any time when you’re getting those
types of emails going out for these e-cards.

LAUER: All right.

And real quickly: monster.com. There’s been a report that
they--that their site was hacked--it’s a popular job
site--and that perhaps some personal information was
compromised. What do you know about that?

Mr. STICKLEY: Yeah. Yeah, it wasn’t the site itself. It
was, again, very similar. An e-mail went out to a bunch of
people that are using monster.com and it convinced them to
load software on behalf of Monster, but it wasn’t really
from them.

LAUER: Jim Stickley. Again, thanks for the information.

Mr. STICKLEY: Sure.

LAUER: I appreciate it.
