These Christmas gifts and greetings are the worst

December 21, 2018

All holidays involve some fuss and bother, and Christmas and New Year are probably the fussiest of all: You have to buy gifts, plan gatherings, cook food a week in advance, and remember well-wishes for family and friends. For scammers, it’s also a holiday — and a more enjoyable one at that. Because people are rushing round trying to do a million things at once, they relax their vigilance and become sitting ducks. In this post we look at two money-making schemes being used by scammers this season against people distracted by Christmas preparations.

Gift card malware

These days, gift cards are a universal solution to gift-giving quandaries. If you don’t know what to give someone, a gift card for a popular store will do nicely. And if you get a card for a store you never use, you can always regift it.

So when you receive a message saying that an unknown someone has given you an Amazon or Apple gift card, that seems like a nice surprise. But shouldn’t you stop and wonder why a stranger would go to the trouble and expense?

The first thing that should arouse suspicion is the address the message was sent from. The message might look as if it came from Apple, Amazon, or some other store, yet the sender’s address clearly indicates a public mail service such as Gmail or Hotmail.

The second reason to be doubtful is the document attached to the message. The message says that you can receive your shiny new gift card by following the instructions in the DOC file attached — but it’s not a set of instructions; it’s a Trojan. Trojan-PSW.Win32.Azorult, to be precise.

Don’t think that DOC attachments are harmless — they can contain macros for downloading malware. E-mail attachments with all kinds of extensions (ZIP, RAR, PUB, PIF, ACE, etc.) have been going around recently in spam. Whether the extension looks unfamiliar to you or, on the contrary, is one you often work with, extreme caution is called for.

It may be the season of goodwill, but it’s unlikely that a kind-hearted stranger sent you a gift card; the chances that scammers are trying to slip you malware are somewhat higher. If downloaded, the Trojan will try to steal your accounts and personal data, which is probably not what you want from Santa. Ignore such messages as spam.

Sample gift card scam that appears to be from Amazon or Apple. File attachment contains Azorult malware

Malicious e-cards

Electronic greetings cards are popular with Internet users — one e-card with a standard platitude sent to all contacts is a great time-saver. Don’t be offended by such an impersonal greeting; be thankful it doesn’t contain something worse. Under the guise of e-cards, cybercriminals can send malicious files, such as Trojan-Banker.Win32.Emotet.

To spot a fake, first check out the sender’s address. If it looks unfamiliar, it’s a good idea to delete the message right away — and never, ever open any attachments. If the address is known to you, but the message is not typical for the sender, don’t hastily open the attachment either. In most cases, regrettably, it’s not that hard to hack someone’s account, and sending malicious e-mails to your contacts is even simpler. In general, be wary of e-cards, especially any that are not just a JPEG or PNG image.

Sample e-card containing the Emotet banking Trojan

Handy services help users send bulk e-cards to friends, family, and acquaintances — but they work just as well for cybercriminals, who artfully exploit them. For scammers, well-known companies are a means for netting victims, and the popularity of such greetings only improves the chances of success. Besides, faking messages from well-known services is not very complicated.

So, if you received an e-card supposedly from a well-known service, but the sender’s address looks odd or the card itself is in an attachment (plus the message doesn’t say who it came from), it’s better to delete it and stay well clear of the attachment. It is likely to contain malware, such as Backdoor.Win32.Androm, which turns your computer into a part of a global botnet.

A sample Hallmark e-card, sender unclear; opened, it spreads Backdoor.Win32.Androm, which zombifies computers.

What to do

To stop scammers from spoiling your Christmas dinner, we advise you to remain vigilant and follow these rules:

  1. Be very cautious and do not open attachments in suspicious e-mails, even if they contain seemingly innocuous gift or greetings cards. Consider a message suspicious if it was sent anonymously or by someone unknown, or if it seems to come from a known service but the sender’s address indicates otherwise.
  2. Don’t trust messages about unexpected gifts or prizes during the holiday season (or ever). It’s just another cybercriminal ruse. The exception is messages from official stores with discounts, bonuses, and coupons (but they will never offer you anything completely free).
  3. Use robust security solutions with antispam capability.
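
The two warning signs described above (a brand name in the sender field paired with a public mail address, and an attachment that is not a plain image) can be checked automatically on a mailbox or gateway. The following Python sketch is an added example, not code from the original post; the brand list, the public-mail list, the helper names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own mail flow.
BRANDS = ("amazon", "apple", "hallmark")
PUBLIC_MAIL = {"gmail.com", "hotmail.com"}
SPAM_EXT = {".doc", ".zip", ".rar", ".pub", ".pif", ".ace"}  # types named in the post
IMAGE_EXT = {".jpg", ".jpeg", ".png"}

def triage(raw):
    """Return the reasons a raw RFC 5322 message looks suspicious."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    brand = next((b for b in BRANDS if b in display.lower()), None)
    if not addr:
        reasons.append("no sender address")
    elif brand and domain in PUBLIC_MAIL:
        reasons.append(f"display name claims {brand} but address is at {domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # The last extension decides the type: card.jpg.pif -> .pif
        ext = os.path.splitext(name)[1].lower()
        if ext in SPAM_EXT:
            reasons.append(f"attachment {name} has a type seen in holiday spam")
        elif ext not in IMAGE_EXT:
            reasons.append(f"attachment {name} is not a plain JPEG/PNG image")
    return reasons

def build_message(sender, filename):
    """Build a constructed sample message with one attachment."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.org"
    m["Subject"] = "You have received a gift card"
    m.set_content("Follow the instructions in the attached file.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    sample = build_message('"Amazon Gift Cards" <giftdesk.example@gmail.com>',
                           "instructions.doc")
    for reason in triage(sample):
        print("SUSPICIOUS:", reason)
```

The check reads only the From header and the attachment names, so an empty result means none of these signs were present, not that the message is safe.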