I always tell users to be very certain of any attachments, not only checking who they’re from, but being certain that the person in question intentionally sent them.
This e-card greeting spam (Washington Post article) should remind you of another thing: Links in an e-mail don’t necessarily go where the text says they go. Be very certain. Legitimate greeting cards will give you a way to go to their site by typing their URL into your browser. When you click, be sure you’re going where you think you are.
McAfee’s Site Advisor (http://www.siteadvisor.com) is a major help if you don’t want to have to continually study the address bar. I have found some relatively safe sites that it warns about, generally because of excessive e-mails, but that warning is worth having.
