Users need to be cautious and not click on links they find in e-mails, Allan said. Instead, they should go directly to a Web site by typing its address into a Web browser, bypassing links that could be malicious.
Vendors will have a tough time making the problem go away completely, he said, because they can't devise ways of evaluating every Web link or instance in an e-mail. However, they can improve detection of suspicious encoded characters and domain names in messages.
"If there was a silver bullet that could solve the problem, the antivirus companies would have done it," Allan said.
Zully Ramzan, a senior principal researcher at security vendor Symantec's security response team, said Symantec has seen plain-text attacks before and doesn't view them as a new problem.
"There's been a bit of a resurgence lately" with e-card notification messages, possibly because of last month's July 4 holiday or because criminal groups have been organizing mailing campaigns, he said.
Andrew Jaquith, a security analyst at Yankee Group Research, said the latest e-greeting attacks show that criminals "are going to be coming up with more and more ingenious ways of tricking people or exploiting ways of tricking your e-mail client. This is just one of any number of ways that these guys are going to try to lure users to do something they shouldn't."