New Scams use fake Amazon gift cards, Adobe updates to lure victims

[Bearcat]

Clicking redeeming links will lead to malware, harvesting of banking credentials


If you received an email that appeared to be from Amazon and contained a holiday gift card someone had sent you, what would you do? There's a very real possibility you'd take the bait and open the "gift," which is the driving force behind a phishing campaign spotted by researchers at the security firm AppRiver.

In an email titled, "Your gift card order," the message, full of spotty grammar, reads, "You have received a gift card in the amount of $250. An offer of the gift card is valid until December 7. Take a chance and use our gift card, and as a bonus we will deliver your order free of charge." The reward is attached as a file labeled, simply enough, "Gift‑Card.zip."

"Of course with all the online shopping, gift giving/receiving this time of year, there is an added aura of authenticity to these messages," AppRiver's Troy Gill wrote. "In fact, I ordered an Amazon gift card just yesterday."

[Don’t Buy It! Amazon Phishing Scam Threatens 'Account Expiration']

The gift card, which most likely comes as a total surprise, is of course the lure, and clicking the link to redeem it actually infects computers with a Trojan downloader capable of silently installing malware.

Another email scam, spotted by researchers at the security company Sophos, isn't as enticing as a free gift card, but could have similarly devastating effects on an unsuspecting victim' computer.

The malware campaign attempts to trick people into downloading what they think is an upgrade for Adobe Acrobat and Adobe X. The email subject is "Adobe Software Upgrade Notification," and comes from the email address no-reply@adobe.com.

The attached .zip file hides a version of the Zeus Trojan, built to harvest a victim's banking credentials.
"Computer users need to learn that Adobe never sends up software updates as an email attachment, and any legitimate upgrades should always be downloaded from Adobe's own website," Sophos' Graham Cluley wrote.

This security lesson applies to any unsolicited messages you may receive, especially in the run-up to the holidays, when online crooks are pushing out batches of phishing emails in the hopes of snaring a fraction of the millions of people doing their shopping online. If you get an email offering something that sounds too good to be true, don't open it. The same advice goes for any "critical" security update you didn't ask for. For a detailed rundown of what to expect while shopping online, and how to avoid scammers in the process, click here.

Source: Here

---------- Post added at 09:01 PM ---------- Previous post was at 08:59 PM ----------

Lets be careful out there!

[BigGuy]

Thanks for the warning Uncle Bear. I have gotten a couple of these e-mails myself, but they were in my junk mail folder and I just deleted them.

[safeguy]

The email subject is "Adobe Software Upgrade Notification," and comes from the email address no-reply@adobe.com.

Email address spoofing?? Correct me if I'm wrong. Mine was recently one...someone alerted me that he got a spam message seemingly from "me". Seeing that I'm a very careful email user, I thought it was impossible and yet my paranoia kicked in..I overreacted on the assumption that my account may have been 'hacked'. Nevertheless, it was a good reminder to myself that anyone's email address can be spoofed...no matter who you are or what your email habits are like.

[JayCub]

Sadly that's the truth safeguy, i have gotten e-mails from my partner that she never sent, changing passwords is a good habit to get into but i have been lazy that way although it's quite strong i can't be certain it will hold up forever..

Thank you Bear for the warning i would like to think im well versed and wouldn't fall for these types of scams, but it's always good to hear some-one share the latest scam online..

[Bearcat]

@ BigGuy Good thinking on your part Buddy!

@ safeguy I remember you mentioning that. My sister had the same thing happen to her e-mail account and I got a number of messages from that address that I know she would never send me. (pornography ) She was never able to find out how, or who was behind it, but changed her e-mail address.

@ Jay This kind of thing is why I have filters in place on my e-mail accounts, so these kind of messages will always go to my spam folder. That way I know to check out a message, before simply opening it without thinking. Yes, I am sometimes a bit absent minded.

[BigGuy]

A friend of mine from school got his parents computer infected by answering a junk e-mail and boy did he get into big trouble for it!

[Bearcat]

A friend of mine from school got his parents computer infected by answering a junk e-mail and boy did he get into big trouble for it!

That wasn't Jason, was it buddy? Sounds like something he would do.

[BigGuy]

Yup, thats who it was. How did you guess????