Tips & Advice

7 steps for identifying an e-card scam

Emma McGowan, 15 December 2020

Make the most of your holiday greeting exchanges by avoiding fraudulent e-cards

With the holiday season in full swing, you might be seeing a flurry of e-cards. Cheaper, more animated, and easier to send than via post, e-cards have taken the place of many people’s traditional holiday cards. But unlike a traditional snail mail card, e-cards come with risks.

Yeah, it’s a bummer, but malicious actors take advantage of people’s holiday cheer by using e-cards as a method for delivery of malware. That means clicking on that seemingly friendly e-card could result in you downloading a virus, stealing your personal information, turning your email address into a spam machine, or even taking over your computer.

But, luckily, there are ways to protect yourself against e-card scams! Here are seven steps to take before opening that e-card.

1. Check who the sender is

First things first: who’s sending it? If it’s a name you don’t recognize or it’s from a generic address, like “webmaster@hallmark.com," don’t open it. There’s no reason for Hallmark to send you an e-card and there’s no reason for someone you don’t know to send one, either. Same goes for a “friend” or “secret admirer.” We’re not in elementary school anymore, folks. Grown-ups don’t do this. 

2. Contact the sender

If you do recognize the name of the sender, contact that person directly and ask if they sent you an e-card. Shoot them an email or a text that just says “Hey, I got this e-card and want to make sure it’s you before I open it.” Easy-peasy and a great way to protect yourself. 

It’s also possible that someone you know was a victim of a scam themselves — and some scams involve spamming a person’s inbox with infected emails. So checking in with your friend or loved one not only protects you but potentially makes them aware of what happened, thereby protecting everyone they know as well.

3. Confirm who the e-card is addressed to

If the e-card is addressed to a general recipient like “Friend” or “Customer,” don’t open it or click on any links or downloads. Really, that’s just laziness on the part of the scammer!

4. Google it

If you’re not sure about a message, search for the name of the company from which the e-card came along with “scam” and see if anything comes up. If it is fraudulent, chances are that other users have already reported it and the information is out there.

5. Don’t assume a logo means that it’s legitimate

Cybercriminals can be pretty savvy and it’s not that hard to slap a logo — or even an email address — onto something and make it look legitimate. So while it’s a good idea to look for those signifiers that something is legit, their presence alone isn’t enough to validate an e-card.

6. Look for a confirmation code

E-cards from legitimate companies will come with a confirmation code and a way for you to access the card from their website. Don’t click on any links within the email, just in case, but instead type the address of the company into your search bar. 

If there’s no confirmation code in the email? Big red flag — it’s very likely to be an e-card scam.

7. Don’t download anything that contains an “.exe” file

It’s generally a good idea to avoiding downloading anything in an e-card email (just go directly to the company’s website, per Step 6), but be especially cautious about anything with an “.exe” file. That means the file contains an executable file, which are most commonly used to install software. There’s never a reason for an e-card to install something on your computer.

We know it’s a little bit of a pain, but it’s worth it this holiday season to protect yourself and your loved ones against e-card scams. Stay informed, stay safe — and have a lovely holiday season.