Never too early to plan for Xmas scams

Written by John P Mello Jr on September 2, 2009

Online scammers can give Santa a bad name.

The leaves have barely begun to change their hues, but that doesn’t mean it’s too early to start thinking about email attacks launched by Internet fraudsters during their favorite time of year–Christmas.

Holidays, special occasions and high visibility disasters always prime malicious spam campaigns and keep corporate email filtering systems busy, but Christmas is considered prime time for Web miscreants intent on bringing joy to their underworld and misery to the holiday season of others.

Because exchanging greeting cards is a common practice during the holidays, electronic greeting card scams remain popular. The typical card con will alert a target via email that he or she has been sent a holiday greeting from a mystery sender. The combination of the season–Christmas is the only time many people have an opportunity to catch up on the year’s happenings with some acquaintances–and the lure of “who could be sending me an electronic card” is a powerful inducement for someone to break protocol. The email instructs a recipient to click a link in the message to see the card, a link that leads to a site where a recipient’s sensitive personal information can be stolen or malware downloaded to his or her machine.

Web site addresses that look valid are frequently used in the e-card messages, but they often have phony domain names. A typical malicious link might lead to a site that’s a direct ripoff of a genuine electronic greeting card site. On arriving at the site, a visitor is told that the cyber-outlet is testing a new Web feature and is instructed to click on a button to test it. Clicking the button results in malware being downloaded to the target’s computer.

One way that legitimate greeting card companies have countered attacks on their business is by requiring that both the name of the sender and recipient be included in any correspondence notifying someone that they’ve received a card. The requirement takes the pleasant surprise out of receiving an e-card, but it blunts the unpleasant surprises that arise without it.
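
The two signals described above (a link whose real domain is not the card site it claims to be, and a notification that names neither sender nor recipient) can be checked mechanically at the mail filter. The following is an added example, not part of the original article; the `cards.example` allowlist, the anonymous-sender phrases and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: e-card services this mail system recognizes (placeholder domain).
KNOWN_ECARD_DOMAINS = {"cards.example"}
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Heuristic: phrases that stand in for a named sender ("a friend", "someone").
ANON_SENDER_RE = re.compile(r"\b(a|an|some)\s*(friend|admirer|one|colleague)\b", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url.strip()).hostname or "").lower()

def triage_ecard(raw):
    """Return the reasons an e-card notification looks suspicious."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part HTML message
    reasons = []
    for href, text in ANCHOR_RE.findall(body):
        target = host_of(href)
        if not any(target == d or target.endswith("." + d) for d in KNOWN_ECARD_DOMAINS):
            reasons.append(f"link host is not a known e-card domain: {target}")
        shown = host_of(text) if "://" in text else ""
        if shown and shown != target:
            reasons.append(f"link text shows {shown} but leads to {target}")
    recipient, _ = parseaddr(msg.get("To", ""))
    if not recipient or recipient.lower() not in body.lower():
        reasons.append("recipient is not named in the notification")
    if ANON_SENDER_RE.search(body):
        reasons.append("sender is not named in the notification")
    return reasons

# Constructed sample messages, not real traffic.
PHISH = """From: E-Card Service <notify@cards.example.greeting-view.test>
To: user@corp.example

<p>Hello! A friend has sent you a holiday greeting.</p>
<a href="http://cards.example.greeting-view.test/view?id=1">http://cards.example/view</a>"""
LEGIT = """From: Cards <notify@cards.example>
To: Bob Jones <bob@corp.example>

<p>Bob Jones, Alice Smith has sent you a Christmas card.</p>
<a href="https://www.cards.example/view?id=2">View your card</a>"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage_ecard(raw))
```

The phony host in the first sample starts with the genuine domain, which is why the check compares the end of the hostname rather than searching for the brand name anywhere in the URL.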

As awareness of greeting card scams has grown, fraudsters have honed their message. It’s quite common, for instance, for the bait message to contain warnings about email cons in an attempt to make it appear as if the message is coming from a legitimate e-card retailer.

Hot gift items are another popular target of spam scum. Every year, there are hot gifts in great demand but in short supply. Scammers will take advantage of that situation by crafting emails announcing great deals on the hot gift. To take advantage of the deal, all a recipient needs to do is click a link. Once clicked, the email mark is taken to a bandit web site and electronically mugged.

Because of a surfeit of jolliness during the Christmas season, malicious spammers are unabashed about recycling transparent scams that would yield very little success at any other time of the year. One such con is the lottery scam. Targets receive a message saying that they’ve won a Christmas Lottery sponsored by a large, recognizable organization. They’re told that winners were chosen by picking random email addresses. A link is provided to collect their winnings. Click the link and…you get the picture.

Since Xmas is the time for giving, scammers like to solicit donations for charitable organizations. Those solicitation letters, though, usually lead to a bogus website and some form of theft and mischief perpetrated on a good soul intent on helping his or her fellow man.

In preparation for the Xmas uptick in nefarious spam activity, email administrators should start dusting off their caution messages for users. While the warnings may seem repetitive to some, it doesn’t hurt to remind users about good security practices before dubious messages begin to appear in their inboxes. Such warnings should contain tried and true advice such as:

  • Never open attachments from strangers, or from friends, colleagues or family who don’t ordinarily send you messages with attachments.
  • Never click on Web links in email from strangers, or from institutions like banks, especially banks with which you don’t do business.
  • Never forward a message to a large number of recipients at the request of an email sender, whether the sender be known or unknown. Oftentimes friends forward emails without forethought and after it’s too late to avert the adverse consequences of a malicious message.
  • Always be suspicious of emails with bad spelling and syntax or which contain technical language intended to obfuscate, or emotional subjects tugging the heartstrings while tapping the wallet.

No doubt scammers will come up with a few new twists to their cons during this holiday season, but the basics of their schemes remain the same. With a little education and some good spam filters, an email administrator should be able to assure a safe and secure holiday season for his or her system’s users.
