If you chuckle at having a digital moose or a singing Elvis wish you happy holidays, it’s a treat when someone sends you an electronic greeting card. With their sophisticated graphics, music and animation, e-cards can be clever and entertaining.
But unlike old-fashioned paper greeting cards that you can open without worry, digital greetings come with an added risk. Just as your family and friends find them fun and convenient to send, scammers see them as a great opportunity to catch you with your defenses down so that they can rip you off.
Like many email-based phishing scams, greeting card cons use social engineering tactics to trick unsuspecting victims into responding. And not surprisingly, they proliferate around occasions when card exchanges are popular: Valentine’s Day, Mother’s Day, the holiday season.
Here’s how it works: You see an email message with an innocent-sounding subject line, announcing that someone you know — coyly, it doesn’t say who — has sent you an e-card. The email includes a link or attachment and, often, has a message or logo that makes it appear to have come from a familiar greeting-card company such as Hallmark, American Greetings or 123Greetings.
Clicking the link might send you to an adult website, or one that’s booby-trapped with malicious software. Opening the attachment could trigger a malware download direct to your computer. That could enable criminals to gain access to personal information on your device, like the passwords for your online bank and credit card accounts, or to stealthily seize control of your machine and turn it into part of a botnet (a network of compromised machines that spews out spam, steals data or wages denial of service attacks).