How to know if your eCard is safe to open

They're quick, eco-friendly, and perfect for when you don't remember an occasion until the very last minute. But is your eCard safe to open? Before you fall victim to a phishing scam hiding behind something seemingly innocent and friendly, here's what you need to know to be sure your eCard is safe to open.

What is an eCard?

An eCard is a digital greeting card that's usually sent to someone by email. Some services now allow users to send an eCard in a text message. But no matter the method of sending, the card is not contained within the message itself, but instead includes a link where the recipient can view the eCard in their browser.

Most people know not to click on an unfamiliar link, but the reason phishing victims are on the rise is that cyber criminals have become extremely good at hiding malicious code in something well-intended and (apparently) harmless. An eCard is a perfect trojan because it gets your attention, it seems personal, and you usually won't think twice about opening it until it's too late.

So, how do you know when an eCard is safe to open? Just because it arrived on your birthday doesn't mean it's legitimate. Remember, there's a ton of personal information on the web — including birthdays and anniversaries — that cyber criminals use to their advantage. Take the following advice to avoid falling victim to their schemes.

Validate the sender name and subject

Before you even open an email, it's a good idea to get into the habit of checking who the sender is. Legitimate eCards that are safe to open are often sent from an eCard provider, and that's the name that typically shows in the "From" box. However, it may also show the sender's name.

Take a look at the subject line next. If the "From" line does not include the sender's name, the subject line usually does. For instance, the "From" line may read "eCards.com" and the subject line might read, "Sally Doe just sent you an eCard!"

If you don't recognize the sender, don't open the email. If you can't confirm who sent the eCard, open it with great caution and only on a device with malware and spyware protection in place.

Confirm the addressee and other details

If you open an eCard, you may let your guard down as soon as you see it's a bright, colorful, celebratory message, but that doesn't mean the eCard is safe to open. Remember that modern phishing campaigns have come a long way, so you need to take a moment to check it out before you click on any links it includes.

The first thing to do is look for personal information that helps validate it:

Does it include a "To" name and does that match your name?
Does it specify an occasion, and is that occasion happening soon?
Does it say who it's from? If it's a business, have you signed up for promotional emails from them?

To be extra sure the information you're seeing is accurate, examine the email source code or "headers" of the message. Most email providers make this easy. In Gmail, simply click the three dots and select "Show Original" from the menu.

If you can't give a definite "yes" to the above questions, there's a high probability this email is not legitimate or, at the very least, it's not important. Still, if you want to open it, don't click the link — there's one more step to take to make sure this eCard is safe to open.

Look for the confirmation code

Links may look innocent, so instead of clicking on it, look for the confirmation code that's written somewhere in the email. Usually, you can go directly to the eCard provider's website and enter this code to view your card, without clicking the link directly. You may also be able to enter your email on the website to view your card.

Before doing so, remember that you shouldn't click any links in the email, including those that supposedly lead to the eCard provider's website. First, you'll need to look up the eCard provider and make sure it's a real service, then you'll want to add the URL into your address bar.

Once on the site, you can look up and view your eCard. If you don't have a confirmation code in the email, and the eCard site doesn't allow you to look up your cards using your email address, you can refer back to the email.

If you're positive the eCard is legitimate and most likely safe to open, hover over any hyperlinks to view the destination. Instead of clicking, just copy/paste the link destination into your browser. This is a safer option than clicking on the link because it may have a redirect in it. If you've done your due diligence, you can now bask in the joy of your friendly greeting card.