I’ve just received a malicious Christmas card – in June!

Christmas in the sunWe’re having an uncharacteristically sunny June day here in Britain, making it feel all the more incongruous to see Christmas cards are being sent out via email.

But you should be careful, because these aren’t just badly timed emails wishing you season’s greetings – these emails have a malicious payload designed to infect your Windows computers.

Here’s a typical example of the type of message that has been intercepted by SophosLabs:

Subject: You have received a Christmas Greeting Card!

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:
You have just received a Christmas greeting card!
To see your custom card and who sent it, please click the attachment

Attached file: Christmas Card.zip

Christmas card malicious email

Although the email claims to come from 123greetings, a legitimate and well-known ecard website, the reality is that the bad guys have forged the headers in this email in an attempt to trick you into clicking on the attachment.

The danger is, of course, that you may be bemused by the notion of receiving a Christmas card in June and click on the attachment out of curiousity. That would be a big mistake, however, as it contains the Mal/CryptBox-A Trojan horse.

So you should have trusted your instincts. There’s always going to be something odd about a Christmas card arriving in June – and like any other unsolicited attachment it should be approached with caution.

Make sure that your anti-virus software and email protection is in place, and make sure you’ve had a good healthy helping of common sense next time you receive an out-of-season greeting.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.