Can you trust that Hallmark e-card?

analysis

Sep 23, 20093 mins

Computers and PeripheralsEndpoint ProtectionNetworking

Here's how to tell the real cards from the bad ones.

Everyone likes getting cards. I’d prefer paper-cards to an e-card, but hey, I’m not choosy. Any card is still a sign that someone’s thinking well of me. Except, of course, when it’s not really from a friend, but a soul-less bot trying to infect my computer with the latest malware.

In particular, it seems like a day doesn’t go by that I get a Hallmark e-card in my e-mail, and every last one of them has been spam message bearing malware or an attempt to get me to link to a malicious Website. I’m not the only one.

A quick look over the Web showed me that Hallmark malware spam seems to come in waves. And, yes, we’re getting another tidal wave of them now. As the holiday season approaches, I’m sure we’ll only see more of them.

As it happens, Hallmark does sell real e-cards, so you can’t just delete every e-mail that comes along that proclaims it’s a Hallmark card. Fortunately, there are ways to tell the real cards from the bad ones.

Hallmark’s own list of how to tell if an e-card has really been sent to you by a friend is a good start. Hallmark’s list includes:

1. Hallmark e-card e-mails do not include any attachments. To be safe, if you receive an e-card notification with an attachment delete it immediately then empty your “trash” or “deleted e-mails” from your email client.

2. A legitimate Hallmark e-mail notification will come from the sender’s e-mail address, not Hallmark.com.

3. The sender’s first name and last name will appear in the subject line. If you do not recognize the name of the person sending the E-Card, do not click on any links in the e-mail. Delete the e-mail.

4. The notification will include a link to the E-Card on Hallmark.com as well as a URL that can be pasted into a browser.

5. The URL will begin with http://hallmark.com/ followed by characters that identify the individual E-Card.

6. Hallmark E-Cards are not downloaded and they are not .exe files.

7. In addition, Hallmark.com will never require an E-Card recipient to enter a user name or password nor any other personal information to retrieve an E-Card.

To these, I’ll add those old basics of never opening e-mail from a stranger and never, ever open attachments or click links from people or groups you don’t know. Sure, it might really be from someone you want to hear from but the odds are orders of magnitude higher that it’s from a spammer.

It would be nice if we could trust our e-mail, but sadly, when it comes to e-mail in 2009, paranoia is the best approach.

by Steven Vaughan-Nichols

Follow Steven Vaughan-Nichols on LinkedIn

Steven J. Vaughan-Nichols has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, WordStar was the state-of-the-art word processor, and we liked it!

Steven is a regular contributor to Computerworld, ZDNET, The Register and The New Stack. He has written for technical publications (IEEE Computer, ACM NetWorker); tech business publications (eWEEK, InformationWeek, & InfoWorld); popular technology (PC Magazine, & PC World); and the mainstream press (CBS News, Washington Post, San Francisco Chronicle & The New York Times).

He won back-to-back Tabbie Awards in 2022 and 2023 for his Computerworld Business Critical Newsletter and too many AZBEE Awards to count.