Kathy Tyson's e-mail box is reeling from the holidays.

Shortly after Thanksgiving, this real estate agent from Smyrna, Tenn., received three e-cards in the same week -- all from strangers.

"By the time I got the second one, it was pretty clear that these were just spam," she says. "I can't prove that they were sent by bad people, but they definitely weren't friendly sources. I just deleted them."

Smart move, say experts.

E-cards can spread cheer, cheesy humor and, unfortunately, computer viruses. Spammers and hackers continually shift their strategies to match the calendar. And this time of year, they often hide behind season's greetings.

While malicious e-cards are not a new problem, their numbers have grown, their tactics have improved and their victims are still falling for it.

Even Tyson admits that she was duped by that first e-mail, clicking on a link that promised to load the card.

"But I think my computer blocked it -- thankfully," she says.

The phony e-mail could have led to anything from a shopping Web site desperate for advertising to malevolent software eager to sneak onto her PC.

Legitimate e-cards do exist, of course.

This year, 500 million authentic online greetings have been sent worldwide, according to estimates from the Greeting Card Association. American Greetings, the largest e-card publisher, saw a 23 percent rise in the number of electronic messages sent this year compared with 2006.

Paper cards still outnumber their electronic cousins 20 to 1. And Hallmark spokeswoman Julie O'Dell says the company has yet to see e-cards eat away at its traditional business.

Nonetheless, just as mailboxes fill up with catalogs and holiday cards each December, e-mail in-boxes can expect a similar flood of spam.

As he tracks the flow of junk mail from month to month, David Cowings sees very few spikes. Cowings is a senior manager at the computer security firm Symantec in Austin, Texas. A "spike" assumes that, after shooting up, the rate drops back down.

In fact, the number of spam messages climbs steadily year-round, rises faster each winter, and then continues at that elevated level after the holidays, he says.

It's hard to estimate how much of that junk mail is fake e-cards. But many spam experts agree that the proportion of online greetings surely snowballs each winter.

"It's all a matter of social engineering," says Nick Newman, a computer crime specialist at the National White Collar Crime Center in Richmond, Va. "Since people are expecting to receive cards around Christmas, spammers take advantage of it" and craft their e-mail to match the moment.

"Remember, the most successful e-mail virus of all had the subject line 'I LOVE YOU,'" says David Perry, director of education at Trend Micro. "People respond to 'Merry Christmas' just as well."

One suspicious e-card crawling the Web this year tries to exploit users' feistier side. When opened, the e-mail loads an image of a rascal throwing a snowball at your screen. "You have just been hit with an e-mail snowball!" reads the card, which Symantec included in its December spam report. The card tells readers to forward it on to friends and share the fun.

The snowball card itself is harmless, but it's likely part of a larger scheme. "Each time the e-mail is read, a request is sent to the server hosting the image, and the user's e-mail address is stored … on the spammer's server," says the Symantec report. So, next time the spammer wants to send out junk mail, he has a fresh list of addresses.

Another of this year's crop put a professional polish on an old trick. The card used Hallmark's official logo and a convincing e-card template to hide its intentions. All the links led to Hallmark.com, except the line "To see it, click here." That link would download a program onto your computer that unlocks the PC to hackers.

Here are some ways to sniff out the safe e-cards from the harmful ones:

• Check who sent it. Don't open anything from someone you don't know, says Max Weinstein, a project manager at StopBadware.org.

"If it just says that you got a card from a 'friend' or 'family member,' assume it's spam," he says. "Real e-cards will say the name and probably the e-mail address of the sender." This first rule should apply to all e-mail, he adds.

• Look for verification codes. Along with links, most big e-card companies now include individualized numbers with each greeting. That way, if you're worried about where a hyperlink might lead, you can go to, say, Hallmark.com directly and type in the code to receive your e-card. That way, you stay within the safety of their Web site.

• Beware of other holiday scams. With online shopping reaching record highs this year, fraud experts expect a similar rise in "phishing" schemes. Last December, the Federal Trade Commission received 24,000 reports of Web sites attempting to fool users into giving up their credit-card information.

• Don't let down your guard after New Year's. Last July, the FBI issued a warning of "Internet fraud schemes" tied to e-greetings after they "received a rising number of complaints from citizens over the past few weeks."

"These spam e-mail messages are hoaxes," the warning says, "and should be immediately deleted."