I received the following email that looks innocent enough. The links have been removed:
You have received a postcard from a family member! You can pick up your postcard at the following web address:
If you can’t click on the web address above, you can also visit 1001 Postcards at http://www.postcards.org/postcards/ and enter your pickup code, which is: a91-valets-cloud-mad (Your postcard will be available for 60 days.)
Oh — and if you’d like to reply with a postcard, you can do so by visiting this web address: http://www.postcards.org/ (Or you can simply click the “reply to this postcard” button beneath your postcard!)
We hope you enjoy your postcard, and if you do, please take a moment to send a few yourself!
If you check whois for postcard.org, you receive the following information:
The site of the San Francisco Bay Area Post Card Club (SFBAPCC), where the collecting of old vintage antique postcards is done with passion. Club meetings are held at Fort Mason Center once a month. Vistors [sic] and dealers are welcome.
Postcard.org appears to be a reliable site. The problem is that the links in the email actually redirect to http://getpostcard.uni.hu/postcard.exe (the link has been removed). Seeing the URL end in an executable does not give me a secure feeling. This is exactly the type of ploy someone would use to get an unsuspecting person to click and run an executable that takes over their system. The scammer is hoping to exploit the name recognition of postcards.org to fool the unsuspecting.
This is a typical ploy used by spammers and phishers. You are sent an email with links that appear to be valid, but when you check the links, they redirect to another site. This is the same ploy scammers use with links to well-known banks. You are sent an email that appears to be official, but the links actually have IP addresses in them. Unless you have firsthand knowledge of an IP address, I would advise against clicking these types of links.
As technology becomes more sophisticated, traditional scams become more sophisticated. I wrote about security and Facebook in my post "Facebook Paving the Way for Identity Theft".
These types of emails just demonstrate the need to be careful using technology.