Christmas time is essentially connected with buying presents. There’s a lot of stuff to be done and a lot of opportunities to buy a present in an e-shop to save time. Who doesn’t know someone who buys a Christmas gift online?
The malware authors know and are very keen to take advantage of it. We see scam emails containing order or delivery details every day and they have a lot of common. In fact, it’s nothing new. Such methods are used constantly during the year, it’s nothing special connected to Christmas. However, Christmas is the reason why many people might be fooled. Let’s look at them in detail.
Imagine you are customer waiting for a present to be delivered. You get anxious and check your email waiting for order details. You are probably the most vulnerable at this time. Then you get an email from DHL, the well-known parcel delivery service, with a notice saying that the shipping details are in an attachment. In that moment of relief, you click on the email attachment. It turns out to be a zip file containing a file named DHL-parcel.exe. The strange thing is the file extension looks like regular PDF file because it has the same icon. In fact, it is malware.
It mostly happens in London, but I have seen it happen in Manila and Madrid too. My friends seem to travel a lot, and according to the tear-drenched emails, they have a tendency to get mugged. You might have seen it too – the “Stranded Traveler” message from a friend that goes something like this:
I’m writing this email with tears in my eyes, I came down to London for a program unfortunately, i was mugged at the park of the hotel where i stayed, all cash, credit and cell were stolen off me but luckily for me i still have my passport with me, I have no access to my account. I have been to the embassy and the police here but they are not helping issue at all and my flight leaves tomorrow night but i am having problems settling the hotel bills and the hotel manager won’t let me leave until i settle the bills. Am freaked out at the moment. I need about 2,250 pounds or any amount you can lend me to sort-out the bills, i will refund you as soon as i get back home.
I remember the first time I saw the message. It alarmed me with its urgency, and I felt compelled to help my friend get out of the mess. Questions about how to wire money to her darted through my mind. But then I remembered that I had just seen her post something on Facebook hours before, and she was most definitely not in London getting mugged.
Here’s what happened: Cybercrooks hacked into my friend’s Facebook and Yahoo accounts. They stole her identity, address books, changed her passwords, then sent out a message to all of her contacts using her email address.
This scam has happened so frequently, and there have been so many complaints, that the FBI issued a warning – over 2 years ago! Amazingly, the scam is still making its way through cyberspace (our CEO received one the other day), and the FBI says that they now have about 150,000 complaints on file. ABC’s Nightline actually answered one of the emails this summer and tracked what happened next. Read their account and watch the video here.
To avoid being a victim of this scam
- Secure your passwords on all your email and social media accounts. If you have lots of user names and passwords to remember, you might like a password management system like avast! EasyPass.
- Avoid clicking attachments in unknown emails.
- If you get an email like this, call your friend to verify the authenticity of the message.
- Scam victims should file a complaint with the FBI at www.ic3.gov.