It can be bit of holiday cheer in a bleak year: You get a text or email saying someone sent you a holiday card. "Click here to claim it."
“Because you’re really excited about Christmas and, of course, that actually has been a bit enhanced by the pandemic, and so you’re really excited to hear from somebody,” said Max Kilger, a UTSA cybersecurity associate professor and director of the university's data analytics program.
That somebody is most likely a schemer. Here is what happens when you try to read your card:
“It will take you to a website or take you somewhere where malware will get downloaded on to your computer,” Kilger said. “That malware will often have key loggers that will look for financial credentials or credit card number and things like that."
“They want to get your personal information,” added Michael Skiba, known as Dr. Fraud. “So as soon as you engage in that click, ‘Get the card here,’ that’s when it just opens up your system to so many vulnerabilities—personal data, keystrokes, passwords. They can infiltrate your social media from there. So it’s very, very dangerous.”
It gives you nothing but the gift of identity theft. E-cards sent by text can be especially dangerous, explains Phil Menard, a UTSA assistant professor of information systems and cybersecurity.
“Emails have filtering and spam blockers already built in, whereas text services don’t,” he said. “So you’re getting more potentially malicious activity coming through your text. The other thing is that people don’t have antivirus software installed in their smartphones at the same rate that they do on their desktop or laptop machines.”
Skiba explains the information a schemer can get off your cell phone is almost infinite.
“Your contact list, email list, texting,” he said. “I mean, on my phone I have my bank account information, my apps. Everyone is going to online transactions, especially now being that we can’t get physically in places. So there’s just so much information that can be compromised on your phone, in my opinion. You know, the phone is probably higher risk than opening up on your laptop or your regular desktop computer.”
Menard said his best advice is do not click on any links in texts or emails that you are not 100% sure are legitimate.
“If you’re getting a text from a number that you don’t recognize and it has a link embedded into it, that should be a big red flag right there,” he said.
So how can you tell if that card is from a friend or foe? Do not let a familiar name fool you.
“If you recognize the name, if it’s personalized to some extent, that’s helpful," Kilger said. "But not necessarily a guarantee of safety."
Instead, go to a trusted website. Skiba explains the safest way to get your greeting:
“Let’s say it’s from Hallmark,” he said. “There’s always a code provided in that actual card. I’ll keep the code, go into the legitimate site, Hallmark.com and there’s always a section in there that says review card or did you receive a card and you can put in the code. If it’s legit, the card is going to pop right up.”
Kilger said that, even if you recognized the sender, you might just want to ignore the e-card.
“I generally just avoid them because it is just never a really fabulous idea to open things that you’re not expecting in your email," he said.
'Tis is the season to be merry, but also to be very wary of crooks sending you a card that will take the joy out of the holidays.
If you have a question for Eyewitness Wants To Know, email us at EWTK@kens5.com or call us at 210-377-8647.