Skip to: Content
Skip to: Site Navigation
Skip to: Search

'Tis the season to be ... wary of e-cards

Before you click on that holiday greeting, learn how you may be helping a hacker or spammer.

By Staff writer of The Christian Science Monitor / December 13, 2007

Kathy Tyson's e-mail box is already reeling from the holidays. Soon after Thanks­giving, this real estate agent from Smyrna, Tenn., received three e-cards in the same week – all from strangers.

Skip to next paragraph

"By the time I got the second one, it was pretty clear that these were just spam," she says. "I can't prove that they were sent by bad people, but they definitely weren't friendly sources. I just deleted them."

Smart move, say experts.

E-cards can spread cheer, cheesy humor, and, unfortunately, computer viruses. Spammers and hackers continually shift their strategies to match the calendar. And this time of year, they often hide behind season's greetings.

While malicious e-cards are not a new problem, their numbers have grown, their tactics have improved, and their victims are still falling for it.

Even Ms. Tyson admits that she was duped by that first e-mail, clicking on a link that promised to load the card. "But I think my computer blocked it – thankfully," she says.

The phony e-mail could have led to anything from a shopping website desperate for advertising to malevolent software eager to sneak onto her PC.

Legitimate e-cards do exist, of course.

This year, 500 million authentic online greetings have been sent worldwide, according to estimates from the Greeting Card Association. American Greetings, the largest e-card publisher, saw a 23 percent rise in the number of electronic messages sent this year compared with 2006.

Paper cards still outnumber their electronic cousins 20 to 1. And Hallmark spokeswoman Julie O'Dell says the company has yet to see e-cards eat away at its traditional business.

Nonetheless, just as mailboxes fill up with catalogues and holiday cards each December, e-mail in-boxes can expect a similar flood of spam.

As he tracks the flow of junk mail from month to month, David Cowings sees very few spikes. Mr. Cowings is a senior manager at the computer security firm Symantec in Austin, Texas. A "spike" assumes that, after shooting up, the rate drops back down.

In fact, the number of spam messages climbs steadily year-round, rises faster each winter, and then continues at that elevated level after the holidays, he says.

It's hard to estimate how much of that junk mail is fake e-cards. But many spam experts agree that the proportion of online greetings surely snowballs each winter.

"It's all a matter of social engineering," says Nick Newman, a computer crime specialist at the National White Collar Crime Center in Richmond, Va. "Since people are expecting to receive cards around Christmas, spammers take advantage of it" and craft their e-mail to match the moment.

"Remember, the most successful e-mail virus of all had the subject line 'I LOVE YOU,' " says David Perry, director of education at Trend Micro. "People respond to 'Merry Christmas' just as well."

One suspicious e-card crawling the Web this year tries to exploit users' feistier side. When opened, the e-mail loads an image of a rascal throwing a snowball at your screen. "You have just been hit with an e-mail snowball!" reads the card, which Symantec included in its December spam report. The card tells readers to forward it on to friends and share the fun.

The snowball card itself is harmless, but it's likely part of a larger scheme. "Each time the e-mail is read, a request is sent to the server hosting the image, and the user's e-mail address is stored ... on the spammer's server," says the Symantec report. So, next time the spammer wants to send out junk mail, he has a fresh list of addresses.

Another of this year's crop put a professional polish on an old trick. The card used Hallmark's official logo and a convincing e-card template to hide its intentions. All the links led to, except the line "To see it, click here." That link would download a program onto your computer that unlocks the PC to hackers.