Email purporting to be an eCard notification from a family member leads to a website that can download malware to the recipient’s computer.
Information about the genuine threat discussed below should not be confused with a bogus email hoax that claims that an email with an attachment entitled “POSTCARD” will destroy the hard drive of the infected computer.
Subject: You’ve received a postcard from a family member!
Your family member has sent you an ecard from [Link Removed].
Send free ecards from [Link Removed] with your choice of colors, words and music.
Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.
To view your ecard, choose from any of the following options:
Click on the following Internet address or copy & paste it into your browser’s address box.
Copy & paste the ecard number in the “View Your Card” box at
Your ecard number is
*If you would like to send someone an ecard, you can do so at
In late June 2007, many Internet users reported receiving eCard notifications like the one shown above. The emails claim that the recipient has been sent an eCard from a family member and instructs him or her to click a link in the message to view the card. However, the eCard is bogus and links in the message will lead to a website where malware may be clandestinely downloaded and installed on the recipient’s computer.
Varied website addresses are used in the fake eCards, but they generally have a “.hk” domain name.
Following links in the email opens a page that claims that the website is “currently testing a new browser feature” and asks the visitor to click another link, supposedly to view the eCard in its original format. Clicking this second link will download and install a number of malware components.
The eCard ruse is one that has been used a number of times in the past by malware distributors. They capitalize on the popularity of genuine eCard services that may send notification emails in a similar format. However, genuine eCards will normally include both the recipient’s and the sender’s names in the message.
Be very cautious of clicking on links in eCard notification messages, especially if they have generic references such as “a family member” or “a friend” and do not address you by name. In some cases, the scammers may disguise the real link in such messages so that it looks like it leads to a genuine and well-known eCard website. Therefore, it is always wise to check links in HTML emails before clicking.
Last updated: 26th February 2008
First published: 28th June 2007
By Brett M. Christensen