I’ve just received a malicious Christmas card – in June!

We’re having an uncharacteristically sunny June day here in Britain, making it feel all the more incongruous to see Christmas cards are being sent out via email.

But you should be careful, because these aren’t just badly timed emails wishing you season’s greetings – these emails have a malicious payload designed to infect your Windows computers.

Here’s a typical example of the type of message that has been intercepted by SophosLabs:

Subject: You have received a Christmas Greeting Card!

Message body:
You have just received a Christmas greeting card!
To see your custom card and who sent it, please click the attachment

Attached file: Christmas Card.zip

Although the email claims to come from 123greetings, a legitimate and well-known ecard website, the reality is that the bad guys have forged the headers in this email in an attempt to trick you into clicking on the…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.