'Tis the season to be ... wary of e-cards
Before you click on that holiday greeting, learn how you may be helping a hacker or spammer.
Kathy Tyson's e-mail box is already reeling from the holidays. Soon after Thanksgiving, this real estate agent from Smyrna, Tenn., received three e-cards in the same week – all from strangers.
"By the time I got the second one, it was pretty clear that these were just spam," she says. "I can't prove that they were sent by bad people, but they definitely weren't friendly sources. I just deleted them."
Smart move, say experts.
E-cards can spread cheer, cheesy humor, and, unfortunately, computer viruses. Spammers and hackers continually shift their strategies to match the calendar. And this time of year, they often hide behind season's greetings.
While malicious e-cards are not a new problem, their numbers have grown, their tactics have improved, and their victims are still falling for it.
Even Ms. Tyson admits that she was duped by that first e-mail, clicking on a link that promised to load the card. "But I think my computer blocked it – thankfully," she says.
The phony e-mail could have led to anything from a shopping website desperate for advertising to malevolent software eager to sneak onto her PC.
Legitimate e-cards do exist, of course.
This year, 500 million authentic online greetings have been sent worldwide, according to estimates from the Greeting Card Association. American Greetings, the largest e-card publisher, saw a 23 percent rise in the number of electronic messages sent this year compared with 2006.
Paper cards still outnumber their electronic cousins 20 to 1. And Hallmark spokeswoman Julie O'Dell says the company has yet to see e-cards eat away at its traditional business.
Nonetheless, just as mailboxes fill up with catalogues and holiday cards each December, e-mail in-boxes can expect a similar flood of spam.
As he tracks the flow of junk mail from month to month, David Cowings sees very few spikes. Mr. Cowings is a senior manager at the computer security firm Symantec in Austin, Texas. A "spike" assumes that, after shooting up, the rate drops back down.
In fact, the number of spam messages climbs steadily year-round, rises faster each winter, and then continues at that elevated level after the holidays, he says.
It's hard to estimate how much of that junk mail is fake e-cards. But many spam experts agree that the proportion of online greetings surely snowballs each winter.
"It's all a matter of social engineering," says Nick Newman, a computer crime specialist at the National White Collar Crime Center in Richmond, Va. "Since people are expecting to receive cards around Christmas, spammers take advantage of it" and craft their e-mail to match the moment.
"Remember, the most successful e-mail virus of all had the subject line 'I LOVE YOU,' " says David Perry, director of education at Trend Micro. "People respond to 'Merry Christmas' just as well."
One suspicious e-card crawling the Web this year tries to exploit users' feistier side. When opened, the e-mail loads an image of a rascal throwing a snowball at your screen. "You have just been hit with an e-mail snowball!" reads the card, which Symantec included in its December spam report. The card tells readers to forward it on to friends and share the fun.
The snowball card itself is harmless, but it's likely part of a larger scheme. "Each time the e-mail is read, a request is sent to the server hosting the image, and the user's e-mail address is stored ... on the spammer's server," says the Symantec report. So, next time the spammer wants to send out junk mail, he has a fresh list of addresses.
Another of this year's crop put a professional polish on an old trick. The card used Hallmark's official logo and a convincing e-card template to hide its intentions. All the links led to Hallmark.com, except the line "To see it, click here." That link would download a program onto your computer that unlocks the PC to hackers.
How to avoid malicious e-cards
Here are some ways to sniff out the good e-cards from the bad.
Check who sent it. Don't open anything from someone you don't know, says Max Weinstein, a project manager at StopBadware.org.
"If it just says that you got a card from a 'friend' or 'family member,' assume it's spam," he says. "Real e-cards will say the name and probably the e-mail address of the sender." This first rule should apply to all e-mail, he adds.
If you're not sure that "Joe" is the Joseph that you know, reply to the sender or call your friend just to make sure that he sent it, says Mr. Cowings at Symantec.
Look for verification codes. Along with links, most big e-card companies now include individualized numbers with each greeting. That way, if you're worried about where a hyperlink might lead, you can go to, say, Hallmark.com directly and type in the code to receive your e-card. That way, you stay within the safety of their website.
Beware of other holiday scams. With online shopping reaching record highs this year, fraud experts expect a similar rise in "phishing" schemes. Last December, the Federal Trade Commission received 24,000 reports of websites attempting to fool users into giving up their credit-card information.
Don't let down your guard after New Year's. Last July, the FBI issued a warning of "Internet fraud schemes" tied to e-greetings after they "received a rising number of complaints from citizens over the past few weeks."
"These spam e-mail messages are hoaxes," the warning says, "and should be immediately deleted."
The greener side of greeting cards
Americans mail 2 billion paper cards between Thanksgiving and Christmas each year. And by January, many of them are in the garbage. Recycling those discarded greetings could save the equivalent of 666,600 trees, according to the British environmental group Friends of the Earth.
So, looking beyond the potential dark side of e-cards, several online card companies have started focusing on the greener aspect of online greetings. Here are a few legitimate e-card websites that can help you spread cheer without creating waste:
TreeGreetings.com – For each of its e-cards that users buy, the company will plant a tree. Sporting the tag line "the gift that keeps on growing," TreeGreetings lets shoppers select a kind of tree (shade, flowering, or fruit) and whether they want it to blossom in Central America or the United States, as well as which customizable animation they wish to send. The card-tree combos cost anywhere from $6 to $10.
BlueMountain.com – Run by American Greetings, the largest e-card company, this subscription-based website (starting at $14 for the first year) has a vast catalog of professionally designed cards. They offer selections for even the most dubious of holidays, such as Dec. 25's lesser-known celebration: Gravity Day. The first month of service is free.
MOMA.org/ecards – If you seek a more cultured touch, New York's Museum of Modern Art offers free e-cards of some of its most popular art, including work from Pablo Picasso and Paul Cézanne.
Photobucket.com – This free photo-sharing website offers a simple slide-show creator that lets users design, send, and post animations online. The site is currently promoting a "Save Paper, Send Slide Shows" Christmas theme, sponsored by the Nature Conservancy.