This one is not new, but because of the upcoming holiday season, it will be a recurring problem every year. You should notify everybody on your team to be careful of emailed greeting cards.

What is the risk?

This kind of email is really a sneaky way to get you to visit a site that may just want you to buy something you didn't want (like pharmaceuticals), or the site may have an embedded "Drive-By Download" that could try to exploit a vulnerability in your browser, and install a key logger or rootkit that can completely take over your computer and spread attacks on your network.

Will your anti-virus program protect you?

Don't count on your anti-virus or anti-spyware program to catch it. Recent tests show that these programs still catch only a low percentage of known viruses, and even fewer "Zero-Day" exploits that can occur before the vendors even know about them.

What can you do to protect yourself?

The most effective ways to defend against this type of phishing email are:

1. Always make sure your email client (like Outlook) is set to have PREVIEW MODE TURNED OFF. If it is on, some threats in the message could be activated when you simply select the subject line in your inbox (without even opening it).
2. Also, make sure your email client has AUTOMATIC IMAGE LOADING turned off. Once again, if you don't do this, the links in these emails will be activated as soon as you view the message.
3. If you have done 2 and 3 above, when you open a message, it will look ugly, but you will be able to check the links in the email to see what sites they actually point to. In most recent versions of email clients, like Outlook, moving the cursor over a link will cause a "pop-up tip" that shows you the real link.
4. If the real link is different from the originally visible link, it is very suspect. DON'T CLICK ON IT.
5. If the real link looks like a real site, like PAYPAL.COM, make sure the characters in the URL are exactly what they should be. A common substitution is to use the number "1" instead of a lower case letter "L", which look very similar. Even a hyphen or mixed up combinations of "i" and "l" can be hard to catch. The phishing scammers depend on people to miss these subtle differences.
   

What does it look like?

The subject line may appear as:

You've received A Hallmark E-Card!

The card looks authentic, in that it even has some instructions regarding taking security precautions, but still has a hidden link in it. While the text of the message looks like the link will take you to the Hallmark website, IT WILL NOT.

Here's a copy of the visible text in a message I received:

   
----------

If you recognize this name, click the link to see your E-Card.
http://www.hallmark.com/ECardWeb/ECV.jsp?a=EG0694272732475M245925860Y&product_id=   
    
If this name is not familiar to you and you're concerned about online security, please use the following steps:   

         
Visit http://www.hallmark.com/getecard
Enter your e-mail address in the Original Recipient.s E-Mail Address box.
Enter EG0694262772

-----------

The links may appear correct above, but in the email, because it was created in HTML, the actual links are different, and will take you to a different site.

One of the actual links in the email I got goes to an EXECUTABLE file, which could end up launching a virus or other dangerous file on your system.