E-card industry gets the message from fraudsters

The e-card industry began seeing some pretty unfriendly greetings this past June. That's when scammers started flooding e-mail in-boxes with fake greeting cards, trying to trick victims into clicking on links that would send them to malicious Web sites.

The goal is always the same: trick the victim into visiting an untrustworthy Web site, then try to hijack his or her computer and make it part of a larger "botnet" network that can be pressed into service for a variety of nefarious purposes. Often the e-card messages are extremely simple -- something like "Our Greeting System has a Labor Day card for you, go here to pick it up" -- but scammers have sent hundreds of millions of them over the past few months.

By July, Symantec tracked more than 250 million fake cards, and soon the mainstream press had picked up on the story. On August 23, "The Today Show" ran a segment highlighting the problem, warning its viewers to be wary of the cards they open.

All of that bad publicity has had at least a short-term effect on the public's willingness to use e-cards, according to Steve Ruschill general manager of Hallmark Interactive. "Overall we've probably seen a 10 percent decline in e-card sends," he said. "Within about a period of two weeks, especially when 'The Today Show' story hit... we just saw it kind of drop."

E-card use at Hallmark is starting to recover, and while the industry is now making some changes to respond to this problem, the fraud will probably not affect the e-card suppliers' bottom line, said Barbara Miller, a spokeswoman with The Greeting Card Association. "I'm not sure that it's having that much impact other than the real need for the industry to make sure that consumers are aware of how to avoid e-mail fraud," she said.

Certainly there has been customer confusion. During a three-week period around July, Miller found herself responding to more than 750 angry people who had received spam that purported to originate from her organization's Greetingcard.org domain. The Greeting Card Association is an industry organization that does not even send out e-cards, she noted.

Now two of the largest e-card distributors in the United States have begun forcing e-card senders to include their first and last names in an effort to make it easier for recipients to tell when these cards are coming from someone they know.

Late last week, AG.com's AmericanGreetings changed its e-cards to include the name and e-mail address of the sender in the body of the e-mail. "This basically just personalizes it so you know where the e-card is coming from, and so you know that it is a valid e-card," said Frank Cirillo, an AmericanGreetings spokesman.

Cirillo said that, unlike Hallmark, AmericanGreetings has not seen a drop in e-card usage over the past few months.

On Monday, Hallmark followed suit and is now forcing users to enter their first and last names in order to make it clear to the recipient that the card is really coming from a known sender.