With nearly a million titles available for its on-the-go readers, the Amazon Kindle and its associated e-book apps have revolutionized the reading world. Lately, however, they've also opened up an enticing new vector for online attacks.
The e-books available for purchase in Amazon's Kindle Store have — some would say — an advantage over physical books: Authors can include hyperlinks to websites. But according to the security website ZDNet, scammers are taking advantage of the technological text, directing readers' clicks to deceitful and malicious Web pages.
Because the Kindle has limited Internet browsing capabilities, any malware on the pages wouldn't affect users the device itself, though readers might fall for the scams. But there are Kindle apps for the iPhone, BlackBerry, Windows and Android phones, as well as for Macintosh and Windows computers. Anyone reading an e-book on some of those devices is susceptible to being infected.
While you're less likely to find malicious links in a popular, best-selling novel or newspaper, ZDNet said the scams are being spread instead through short, self-published e-books selling for $2.99.
In an attempt to buy a wedding-themed e-book for his fiancée, ZDNet's David Chernicoff said what he really purchased was "a thousand words of vacuous advice and hotlinks to online scams," including one embedded in a link that tried to charge him a subscription fee every two weeks.
Chernicoff received a refund, and the offending book was removed from the Kindle store, but 23 of the same author's books — Chernicoff didn't name him — remained available.
"Although I don’t expect Amazon to employ a corps of readers to evaluate the content of the eBooks that are found throughout the Kindle Store, it might behoove them to disable the ability to hotlink content from within these documents to minimize their potential as a vector for malicious software attacks," Chernicoff wrote.
Kindle readers can avoid falling for online scams by using common sense — if an offer sounds too good to be true, etc. As for readers of Kindle apps on Windows PCs and Android phones, it might be best to avoid clicking on links embedded in self-published e-books by unknown authors.