
Dec 08

New December Internet Scams Use Phony Adobe Updates and Amazon Gift Cards to Lure Victims

If you received an email that appeared to be from Amazon and contained a holiday gift card someone had sent you, what would you do? There’s a very real possibility you’d take the bait and open the “gift,” which is the driving force behind a phishing campaign spotted by researchers at the security firm AppRiver.

In an email titled, “Your gift card order,” the message, full of spotty grammar, reads, “You have received a gift card in the amount of $250. An offer of the gift card is valid until December 7. Take a chance and use our gift card, and as a bonus we will deliver your order free of charge.” The reward is attached as a file labeled, simply enough, “Gift‑Card.zip.”

“Of course with all the online shopping, gift giving/receiving this time of year, there is an added aura of authenticity to these messages,” AppRiver’s Troy Gill wrote. “In fact, I ordered an Amazon gift card just yesterday.”

The gift card, which most likely comes as a total surprise, is of course the lure, and clicking the link to redeem it actually infects computers with a Trojan downloader capable of silently installing malware.

Another email scam, spotted by researchers at the security company Sophos, isn’t as enticing as a free gift card, but could have similarly devastating effects on an unsuspecting victim’s computer.

The malware campaign attempts to trick people into downloading what they think is an upgrade for Adobe Acrobat and Adobe X. The email has the subject line “Adobe Software Upgrade Notification” and comes from the email address no-reply@adobe.com.

The attached .zip file hides a version of the Zeus Trojan, built to harvest a victim’s banking credentials.

This security lesson applies to any unsolicited messages you may receive, especially in the run-up to the holidays, when online crooks are pushing out batches of phishing emails in the hopes of snaring a fraction of the millions of people doing their shopping online. If you get an email offering something that sounds too good to be true, don’t open it. The same advice goes for any “critical” security update you didn’t ask for.