Bah Humbug! Don’t Open that Holiday Card!

No one wants to be a Grinch at the holidays, but sometimes it’s the only way to protect yourself from malicious software that can steal your identity and your online account access. One of the biggest culprits at this time of year is the scam “holiday e-card” that infects your computer with a virus, malware, adware, spyware, or any other nasty “ware” you can think of!

Backing up, e-card is short for electronic card. It’s an emailed link to a fun or meaningful holiday message that comes complete with personalized greetings, audio, video, photographs, and more. There are a lot of legitimate companies that let you create beautiful e-cards with just a few simple steps, and they can be both a time saver and a sound economical choice, especially if your card list is very long.

Unfortunately, as the saying goes, we just can’t have nice things, can we? There are a wide variety of ways that scammers and hackers can take advantage of e-card popularity to wreak havoc with your personal information.

If you receive an email stating that there’s an e-card waiting for you, here are some important things to remember:

  1. Who sent it – If the sender is a name you don’t recognize, delete it immediately. You’re not a Grinch for not viewing an e-card sent by a stranger, but there’s plenty of risks involved in clicking the link to open the card. However, if the sender is a name you recognize, you still have to be careful! That person’s email account could have been hacked specifically for the purpose of sending out viruses to everyone in her contact list. 

So how do you open your sister-in-law’s e-card without offending her, but without putting yourself at risk? Send back a quick reply: “Oh, how sweet of you to think of me! I can’t wait to open that e-card you sent as soon as I have time to really enjoy it!” If she didn’t send it, her reply will look something like this: “What e-card?” Then you’ll know to delete it immediately and to let her know that her email has been hacked. If she confirms that she sent it, then you’ve already done the work of thanking her for it! 

  1. How’s the grammar – There are some tell-tale signs of a fraud attempt or phishing attack, and the same is true when e-cards are involved. If the email containing the link has grammar and spelling mistakes, especially if your name or the sender’s name is misspelled, then be very cautious about opening it. Again, there’s no harm in deleting the email, even if it was intended for you. It’s better to be safe than sorry. 
  1. You don’t have to be a hacker to pull this off – Typically, the threat of a malicious e-card comes from a hacker attaching a virus to an actual card, then getting you to download it. Unfortunately, it doesn’t take any skill at all to make a fake email that claims to contain a card. All the person has to do is craft an email and include a link that says it’s a card. The link itself may be the virus, rather than piggybacking off the card you received. 
  1. Protect yourself – Of course, this attack works best if your computer isn’t protected by strong antivirus and antimalware software. Even if it’s a genuine card from a loved one, the company that creates the e-cards could have been hacked and viruses embedded in their product. If it’s just a scammer trying to get you to click a link, the danger is even more real. In either case, having strong computer protections in place will help thwart an attack.

As always, anyone who believes their identity has been stolen or their personal data has been compromised is invited to connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.

Pin It



ITRC Sponsors and Supporters 





Go to top


Need identity theft information on the go?

Download our ID Theft Help Mobile app.