Skip to Content

Is that online greeting card really a secret keylogger?

Despite having text messaging, voice calling and video chat, email is still one of the most popular ways to communicate with friends, family or for business. Unfortunately, like every other good thing, criminals have ways to use it for evil.

We’ve warned you about email phishing scams before. These pretend to be one thing, such as an email from a major company or friend, but really are meant to trick you into giving away information or downloading a malicious virus.

A type of virus that hackers are increasingly using phishing emails to deliver is the keylogger. These are great at stealing information and helping criminals to take over your identity.

Luckily, we have a few tips that will help you know which emails to avoid so you aren’t infected, and how to protect yourself if you don’t catch one until it’s too late. Let’s start with a closer look at keyloggers.


Keyloggers are a type of software that tracks everything you type into your computer, including usernames, passwords and your Social Security number. More advanced ones even take pictures of what’s on your screen.

That’s scary stuff because we do most of our business online these days. Scammers can use keyloggers to steal your login information for banks and credit cards. Then they can use this information to access your accounts and transfer your money. They can also use this software to steal sensitive information from your business.

Keyloggers are very hard to detect after they’re installed, which is why you want strong security software to catch it before it can activate. You can use a security software that detects and removes a keylogger after it’s installed, but by that time hackers might already have your information.

If a keylogger is found, have the security software remove it, then you’ll need to change all your account passwords to keep hackers out. Unfortunately, if you’ve used your credit card online, or even typed your Social Security number, your identity is at serious risk.

As we said, it’s better to catch a keylogger before it installs, and you want your security software to be the last line of defense, not the first. That’s why you need to know how to spot a keylogger-containing email and delete it before the worst happens.

We’re going to look at one of the fastest spreading ways hackers disguise keyloggers.

Greeting Cards

Email greeting cards, or e-cards, are one of the most popular ways for people to send birthday cards, invitations, and other holiday announcements. They are usually free and you can get really creative with them.

Unfortunately, e-cards are so fun and seemingly harmless that you’re likely to click on a “see your e-card” link without thinking. That’s why hackers send you fake ones with a link to a malicious file or a malicious site.

Luckily, fake e-cards aren’t too hard to spot if you know what to look for. Many spelling errors in the email are a giveaway. Also, if the email doesn’t tell you who sent the card, or you don’t recognize the person, then that’s a problem.

Some emails simply tell you to follow a link to download the card or card-viewing software. This is a huge red flag because trustworthy e-card companies don’t require you to download any attachments, downloads or plug-ins.

Many legitimate e-card emails give you the option of manually visiting the site and punching a code to see the card. That’s much safer than clicking on a link. However, if you don’t recognize the card company, be sure to throw the name into Google first to make sure it isn’t a scam.

To avoid e-card scams, mostly use common sense. Don’t open suspicious emails and never download anything from a strange source.

If you aren’t sure if a card is real or not, just call the friend or family member who sent it and make sure it’s genuine. If you don’t know the sender, then trash it.

Other Phishing Scams

Greeting cards aren’t the only emails you have to watch out for. Scammers are also sending out fake emails that look like they’re from your bank or other trusted internet sources like retailers and e-commerce companies. Amazon, PayPal and eBay users have all fallen victim to these scams.

Just like the greeting card scam, these emails will usually contain a link that the sender wants you to click. They will try to convince you to follow the link by warning you about a possible security breach in your account or making up some other reason. They use these scare tactics to make you nervous so that you’ll act quickly.

The link will then lead you to a webpage designed to look like it belongs to a real business that you trust like your bank or PayPal. It might ask you to enter your login information directly into the site to verify your account. Once you’ve entered your info, it is sent straight to the scammers and your account is no longer safe.

The link could also lead you to a website that will try to convince you to download a plug-in or new software to keep your account safe. Just like the other email scam, this download will actually contain spyware or keyloggers that can damage your computer and steal your personal information.

You should always be careful with emails that ask you to enter personal information or redirect you to login pages, even if you think it is from a source that you trust. Scammers are great at creating emails and webpages that look legit but are full of hazards.

How to protect your information

The easiest way to protect yourself from these attacks is to simply spot offending emails before they have the chance to steal your information. See if you can spot the five things wrong with most phishing emails.

And remember, banks, e-commerce sites and e-card companies do not ask you to download software or plug-ins. If an email leads you to a download page, you know something is up. Exit out of the page, mark the email as spam and delete it.

You should also have a backup plan in place in case you get fooled. A hacker with your identity might not do something noticeable right away. You might not even realize your identity is stolen until you can’t get a loan or a collection agency comes calling for purchases you never made.

Frequently check your bank accounts to look for suspicious activity. If you see any transactions that you don’t recognize, report it immediately to your bank.

More tips you can’t miss:

5 questions to ask before clicking ANY link

How to keep your passwords in the right hands in case tragedy strikes

5 things you’re doing that put your financial life at risk

Ambassador Program background

Refer friends, earn rewards!

Why not share your new source of digital-lifestyle news, tips and advice with others? When your friends and family subscribe to Kim's free newsletters, you earn points toward awesome rewards!

Get Rewarded