Beware: You've received a postcard from a family member!

Just received the message below and doing anything with it (aside from warning the world) would violate several rules including:

NEVER open a link when you don't know the sender. As I recall, every e-card I've ever received at least said who the card was from before asking me to click through.

NEVER click on an e-mail link that only has an IP address. A legit link would be to something like "cards.egreetings.com," not 88.xxx.xxx.xxx. This particular address is somewhere in the Netherlands.

NEVER run a program or allow a plug-in when you can't absolutely trust where it came from. This one asks you to either run an .exe or download an "Outlook plug-in." As far as I'm concerned anyone who allows either of these probably deserves what they get. Man, the stuff they should be teaching kids in school these days.

Good day.

 

Your family member has sent you an ecard from 123greetings.com.

 

Send free ecards from 123greetings.com with your choice of colors, words and music.

 

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

 

To view your ecard, choose from any of the following options:

 

--------

OPTION 1

--------

 

Click on the following Internet address or copy & paste it into your browser's address box.

 

http://82.156.24.59/?<my_supposed_key>

 

--------

OPTION 2

--------

 

Copy & paste the ecard number in the "View Your Card" box at http://82.156.24.59/

 

Your ecard number is

<edited out>

 

Best wishes,

Postmaster,

123greetings.com

 

Using any WHOIS server to find out who owns that IP address, you can learn that this rabbit hole leads to the RIPE Network Coordination Centre in the Netherlands, it might as well lead straight to hell. In turn that registry points here, what looks to be a cable internet operator called Wanadoo Netherlands.

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.
% Information related to '82.156.0.0 - 82.156.255.255'
inetnum:         82.156.0.0 - 82.156.255.255
netname:         WANADOO-CABLE
descr:           Wanadoo Nederland
descr:           Muiderstraat 1
descr:           1011 PZ Amsterdam
country:         NL
admin-c:         EIAR1-RIPE
tech-c:          EIAR1-RIPE
status:          ASSIGNED PA "status:" definitions
mnt-by:          EURONET-MNT
source:          RIPE # Filtered
role:            EuroNet Internet Administrative Role Account
address:         Orange Breedband Nederland B.V.
address:         Network Department
address:         Muiderstraat 1
address:         1011 PZ Amsterdam
address:         The Netherlands
phone:           +31 20 535 5555
fax-no:          +31 20 535 5400
e-mail:          eiar1@euro.net
admin-c:         RK31337-RIPE
tech-c:          BL78
tech-c:          GD31337-RIPE
tech-c:          HT772-RIPE
nic-hdl:         EIAR1-RIPE
remarks:         In case of abuse issues, please contact abuse@wanadoo.nl
mnt-by:          EURONET-MNT
source:          RIPE # Filtered
% Information related to '82.156.0.0/15AS5390'
route:           82.156.0.0/15
descr:           Wanadoo Nederland
origin:          AS5390
mnt-by:          EURONET-MNT
source:          RIPE # Filtered

 

After a little searching I found addresses for both a helpdesk and a place to report abuse. With a little luck, someone will read that mail and shut this down before you or I wind up spending another moment repaving a friend's machine.

 

No Comments