A Hallmark malware event

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

So, imagine you receive this email..

An email claiming to contain a link to a Hallmark ecard

What do you think? Safe or not?

Well, as you’re reading this blog you’re probably assuming that it’s something malicious, but you can’t actually tell that for sure from what I’ve shown you. Maybe your suspicions will have been raised by the spelling mistake (“Hackers be ashamed of yourselves! I before E except after C!”), but I suspect a lot will have missed that.

Sign up to our free newsletter.
Security news, advice, and tips.

You could hover your mouse over the link, and you might notice that the file being linked to isn’t on the real Hallmark website, and is – in fact – executable.

But would your mum be canny enough to do that? What about your son? Or your Aunty Hilda?

And that’s why these kind of malware distribution schemes still work. Not because of a flaw in the operating system or because what the hackers are doing is mind-boggingly sophisticated, but because the average Joe in the street thinks it’s worth the risk of clicking on a link in an unsolicited email to see an electronic greeting card.

All you can do is encourage your mum, son and favourite Aunt to keep their computer security up-to-date, be suspicious of unsolicited emails, and to perhaps consider the benefits of traditional paper greetings or a friendly phone call instead of ecards in future.

But are they listening? Somehow I doubt it.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.