If you received an email that appeared to be from Amazon and contained a holiday gift card someone had sent you, what would you do? There's a very real possibility you'd take the bait and open the "gift," which is the driving force behind a phishing campaign spotted by researchers at the security firm AppRiver.
In an email titled, "Your gift card order," the message, full of spotty grammar, reads, "You have received a gift card in the amount of $250. An offer of the gift card is valid until December 7. Take a chance and use our gift card, and as a bonus we will deliver your order free of charge." The reward is attached as a file labeled, simply enough, "Gift‑Card.zip."
"Of course with all the online shopping, gift giving/receiving this time of year, there is an added aura of authenticity to these messages," AppRiver's Troy Gill wrote. "In fact, I ordered an Amazon gift card just yesterday."
[Don’t Buy It! Amazon Phishing Scam Threatens 'Account Expiration']
The gift card, which most likely comes as a total surprise, is of course the lure, and clicking the link to redeem it actually infects computers with a Trojan downloader capable of silently installing malware.
Another email scam, spotted by researchers at the security company Sophos, isn't as enticing as a free gift card, but could have similarly devastating effects on an unsuspecting victim' computer.
The malware campaign attempts to trick people into downloading what they think is an upgrade for Adobe Acrobat and Adobe X. The email subject is "Adobe Software Upgrade Notification," and comes from the email address no-reply@adobe.com.
The attached .zip file hides a version of the Zeus Trojan, built to harvest a victim's banking credentials.
"Computer users need to learn that Adobe never sends up software updates as an email attachment, and any legitimate upgrades should always be downloaded from Adobe's own website," Sophos' Graham Cluley wrote.
This security lesson applies to any unsolicited messages you may receive, especially in the run-up to the holidays, when online crooks are pushing out batches of phishing emails in the hopes of snaring a fraction of the millions of people doing their shopping online. If you get an email offering something that sounds too good to be true, don't open it. The same advice goes for any "critical" security update you didn't ask for. For a detailed rundown of what to expect while shopping online, and how to avoid scammers in the process, click here.