Is Hallmark sending spam eCards?

Hallmark is one of several greeting card companies being targeted via fraudulent emails that are flooding the Internet. These emails claim to have a link to an ecard from a family member, friend or neighbor. Clicking on the link downloads a virus onto your computer that compromises personal data. Please read below to find out what you can do:

  • If you receive an email that uses a Hallmark header but doesn't appear to be from Hallmark, delete the email without opening it.
  • If you have opened it and want to forward it to us, send it to abuse@hallmark.com. Due to the large amount of email we receive at that address we will not be able to reply to your email, but we will investigate. Then delete the email from both your inbox and your sent folder. If you click on the link in the bogus email, you will launch a virus. This virus installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command your machine for the purpose of gathering your personal information. An example of this virus is the Zapchast virus.
  • If you use Windows XP and Internet Explorer you should visit update.microsoft.com to update your browser and operating system. Then you will be less likely to be affected by the virus.
  • Report suspicious email to your email service provider so they can take action.
  • File a complaint at http://www.ic3.gov/.
  • While we cannot respond to any reported abuse, be assured we investigate any incident of potential misuse and take action if necessary.


If you are unsure if you've received as legitimate Hallmark ecard, don't click on a link in the email.
Follow these steps to open your ecard:

  1. Locate the confirmation number in the email.
  2. An ecard can be picked up by using  http://www.hallmarkecards.com/pickup/ecard
  3. Enter your email address and the confirmation number.
  4. Click View ECard.


What we are doing:

  • Contacting the Internet providers identified as the source of the spam requesting that they shut down the imposters.
  • Working with Microsoft to include the virus code in their phishing filter to protect consumers who use their web browser and email client software.
  • Working with anti-virus software corporations to get the virus code added to virus definition updates.
  • Reviewing ecard notification and pickup procedures.
  • Educating consumers about how to avoid ecard abuse.


How to tell if a Hallmark ecard notification is legitimate:

  • Hallmark ecard emails do not include any attachments. To be safe, if you receive an ecard notification with an attachment, delete it immediately then empty your "trash" or "deleted emails" from your email client.
  • A legitimate Hallmark email notification will come from the sender's email address, not Hallmarkecards.com.
  • The sender's first name and last name will appear in the subject line. If you do not recognize the name of the person sending the ecard, do not click on any links in the email. Delete the email.
  • The notification will include a link to the ecard on Hallmarkecards.com as well as a URL that can be pasted into a browser. The URL will begin with http://hallmarkecards.com/ followed by characters that identify the individual ecard.
  • Hallmark ecards are not downloaded and they are not .exe files.
  • Hallmark ecards will never require an ecard recipient to enter a username or password nor any other personal information to retrieve an ecard.


E-Mail Safety Tips

  • Don't open emails you know are spam. A code embedded in spam advertises that you opened the email and confirms your address is valid, which in turn can generate more spam.
  • Don't open emails from unknown senders.
  • Don't open attachments in emails unless you are expecting to receive one. If you receive an attachment that you are not expecting, even if it's from someone you know, first read the email and make sure the attachment is legitimate. If you're still not sure, call or email the sender to confirm, but do not reply to the original email.
  • Don't click on links in emails that appear to be from financial companies (PayPal, banks, credit card companies, etc.) that direct you to verify or confirm account details. Instead, call the company if you are concerned about your account.


Feedback and Knowledge Base