Has the E-Card Scam Storm Blown Over?

E-mail greeting card scams popular during the summer months seem to have lost their luster for information highwaymen.

"We've seen an awful lot of greeting card malware in the last couple of months, but scammers have moved on to new techniques, simply because there was so much of it about that it stopped being a very effective way to infect people," Graham Cluley, a senior technology consultant with IT security and control company Sophos in Burlington, Mass., told the E-Commerce Times.

"Normally, it's a very good way of fooling people into being infected," he added. "Who doesn't want to receive a letter out of the blue, particularly if you don't know who it's from? People are curious. Natural curiosity killed the cat and it may very well kill your computer."

FBI Issues Warning

Greeting card scams became so rampant at the start of the summer that the FBI issued a public warning about the practice.

"If you get an e-mail claiming you've received an e-card from a generic 'friend' or 'family member' rather than from someone whose name or personal e-mail address you recognize, the e-mail is fraudulent and should be immediately deleted," John Hambrick, unit chief of the FBI's Internet Crime Complaint Center said in a statement issued July 25. "Do not follow any of the instructions in the e-mail or click on any link."

The statement explained that fraudulent e-mails claiming to contain an electronic greeting card from an unnamed individual, such as a "friend" or "classmate," were flooding e-mail boxes everywhere.

These "phishing" e-mails, it continued, which falsely claim to be from legitimate greeting card companies, instruct consumers to click on a link in the e-mail message to view their e-card. Clicking on the link can potentially introduce a virus into a consumer's computer.

Moving to Beyonce

As the summer ended, though, scammers moved on to other things, Cluley, of Sophos, maintained. "Recently, they've been offering things like links to the latest Beyonce video or links to free computer games," he said.

Greeting card and related attacks jumped from six percent of all spam in July to seven percent in August, but early indications are that volumes have dropped in September, according to Doug Bowers, senior director of anti-abuse engineering for Symantec (Nasdaq: SYMC) in Cupertino, Calif.

"We're seeing the same kind of attack, but it's not always about greeting cards now," he told the E-Commerce Times. "We've seen examples that reference YouTube videos. We've seen examples that play off the start of the NFL season that say, 'Come play in our fantasy football league.'"

Minimal Financial Impact

Since many of the some 500 million electronic greeting cards sent worldwide annually are paid for through subscription services, scamming the practice could potentially impact the bottom line of companies like American Greetings (NYSE: AM) and Hallmark Interactive.

"We don't really see that there has been that much impact, other than a loss of good will," Barbara Miller, a spokesperson for the Greeting Card Association in Washington, D.C. told the E-Commerce Times.

"We haven't seen anything major," she continued. "At one point, Hallmark saw a drop, but it seemed to be temporary. American Greetings hasn't seen any impact on their site."

Fighting Scammers

A major weapon used to combat the scams has been education, Miller said.

"What we're trying to do as an industry is inform consumers as to some of the precautions they need to take to avoid being victims of scammers," she explained.

Card makers, she noted, are encouraging senders to use their full name when sending cards and that card recipients open cards or click links only if they recognize the sender's name.

"If you're in any way sitting on the fence about it," she added, "you should go to the source of the e-card and pick it up there."

Hallmark may go beyond education in ensuring the integrity of its e-cards. It plans to announce those measures Monday, revealed Hallmark spokesperson Julie O'Dell.

"We plan to deploy some new security measures to help both senders and recipients know that their electronic cards are safe and from who they believe they're from," she said. However, she would not disclose further details about those measures at this time.