I’m seeing phishing emails that look like friendly ecards, and this post is your heads-up on what to look out for. These phishes resemble the Email-Invitation scams that have been circulating for awhile now. Today, I’ll focus on this Blue Mountain eCard phishing example:
This scammy email looks very similar to the real deal. But it is possible to spot a few small tells.
- the email came from a personal email address, not from “ecards@bluemountain.com”
- if you float your cursor over the link to the card, it previews a URL at www.abre.ai or some other unexpected domain
- a real BlueMountain email would contain links and ads at the bottom that contain BlueMountain.com URLs
Many people don’t know about or spot these items, and click through to see their greeting card. If this is you, please know that a simple click on this phish won’t hurt your computer. This scheme does not involve any viruses or malware. Instead, the bad guys behind this want your email and password…
Anyone who clicks in the eCard message will arrive at a fake email sign-in page (note the bogus address in the top bar). This is where the real danger is. If someone cooperates with this page, they will be handing over their email sign-on details to cybercriminals. They’ll use that to commandeer your email and lock you out of it!
So if you arrive at this scenario, please do not type anything and close the window. Delete the email. Then you might call the sender and let them know of the suspicious message you received.
If you’ve typed your credentials into this fake window, time is of the essence. You should attempt to reset your email password ASAP, before the crooks use it against you!