eCards (electronic or online greeting cards) have become very popular over the past few years. They provide a convenient, inexpensive and fun way to send greetings to friends and family – or if you run a business – your customers. eCards are especially popular for occasions celebrated by many people such as Christmas or Valentine’s Day – as well as for individual occasions such as birthdays and weddings. However, as is the case with emails, you need to exercise care when you either receive or send an eCard, in case it is actually a disguise for some kind of scam.

The risks

  • A legitimate-looking eCard, once it is clicked and/or any attachments downloaded, could contain malware which:
    • Infects your computer or mobile device with spyware which can result in fraud or identity theft.
    • Sends bogus emails, that appear to come from you, to all of your email contacts.
    • Launches inappropriate websites, or displays inappropriate images.
    • Bombards you with pop-up advertisements
  • A legitimate-looking eCard may contain an invitation to click on a link to supposedly open your card, but is in fact phishing for personal or financial information.
  • If you are sending an eCard, the website you use to do so may be bogus and involve you in sending eCards that contain malware.

Avoiding fake eCards

  • Watch out for:
    • Spelling mistakes in words or in your name.
    • eCards not addressed to you, or to a random recipient name such as ‘Dear Friend’ or ‘Dear Customer’
    • Errors in the message, for example, it says you sent a card, not received one.
    • Senders who are not known to you (why would anybody you do not know send you a card?)
    • Senders with obviously bogus names or, if they are from ‘Card Sender’, ‘Secret Admirer’ or similarly named senders.
    • A web address that appears odd – for example’ www.http:/‘ instead of ‘ http://www.’
  • Delete eCards from unknown sources.
  • Never open an attachment from an unknown source.
  • Never download from an unknown source.
  • Never click on a link in an eCard from an unknown source.
  • Remember than even eCards that appear to have been sent by someone you know, may have been sent to all of their contents by a Trojan.
  • Do not reply to or forward eCards which you suspect may be bogus.
  • Always read terms and conditions from eCard companies. (Some scams ask users to accept terms that include the fact that the company will access their address book and forward a message to everyone in it).
  • Do not make purchases or charity donations in response to eCards.
  • Check junk mail folders regularly in case a legitimate eCard gets through by mistake.
  • If you are suspicious of an eCard, you can check if it is on a list of known spam and scam emails that some internet security vendors feature on their websites.
  • Most Microsoft and other email clients come with spam filtering as standard. Ensure yours is switched on.
  • Most spam and junk filters can be set to allow email to be received from trusted sources, and blocked from untrusted sources.
  • When choosing a webmail account such as gmail, Hotmail and Yahoo! Mail, make sure you select one that includes spam filtering and that it remains switched on.
  • Most internet security packages include spam blocking. Ensure that yours is up to date and has this feature switched on.
  • Always ensure that you have antimalware software and a firewall loaded, updated and switched on.

See Also...

Jargon Buster

A Glossary of terms used in this article:


Software posing as an authentic application, which actually conceals an item of malware. Term comes from Trojan Horse in Greek mythology.

Identity theft

The crime of impersonating someone – by using their private information – for financial gain.