Attackers are increasingly using greeting card scams to foist trojans on the unsuspecting. Fortunately, there are some tell-tale signs and tips to follow that can help you avoid becoming a victim.

Be extra suspicious. Suspect a scam if (a) the greeting card doesn't address you by name; (b) the card sender's name isn't included in the body of the email; (c) the name isn't familiar; and (d) it's not a holiday, a birthday, or any other occasion that might warrant a card. If the card requires that you install a special viewer or tries to download a file to your system, treat it like a trojan. Cancel the download and scan your system with up to date antivirus software.

Be extra vigilant. If you receive a card from someone you know but you aren't quite sure it's legit, compose a new email to that person and ask if they sent you a card.

Don't reply using the email you received - the From address just might be bogus.

Typically, the bogus greeting cards try to trick you into downloading a trojan that then tries to download other malicious files to the system. Even worse, the trojan is often cross-infected with the Parite virus. One example of a cross-infected 'greeting card' trojan is Backdoor:IRC/Zapchast.AN.

There are two victims with these greeting card scams - the user who fell for it and the legitimate greeting card company whose good name was used to trick that user. For example, there have recently been several reports of these scams pretending to be from the legitimate - and quite harmless - Bluemountain Greeting Cards site. This is not the first time Bluemountain has been caught in the crosshairs - in 1999 they were the victim of a virus hoax that also tried to discredit their name.

As with all malware and social engineering scams, the best defense is a good offense. Be aware