Crooks use common card scam to offer fake products and install malware: Internet Scambusters #522
'Tis the season to be wary. That's the message from Internet security companies highlighting the latest Christmas card scam and spam attacks targeting your inbox.
It's bad enough that we're being bombarded with offers we don't want -- but many of them actually lead to even more trouble, like non-existent products, or identity theft using information victims supply.
We have the details in this issue of these and other warnings relating to online Christmas sales, plus an update on the latest spamming techniques.
Let's get started...
Christmas Card Scam and Spam Alerts
With the holiday season in full swing, Internet security firms have issued a strong warning about a card scam surge -- not of the credit card variety (though no doubt we'll have them too) but of virtual greeting cards, or ecards.
In addition to delivering a seasonal message, bogus ecards are bombarding victims with spam or installing malware on their PCs.
The delivery mechanism is simple.
You get an email saying someone has sent you an ecard and, when you click the link, you go to a bogus product website.
If there's an attachment -- "ChristmasCard.zip" is a common name -- it may turn out to be a flyer promoting fake products or a virus installer.
According to security outfit Symantec, bogus offers include gifts, health products and financial help.
In addition, an avalanche of plain old holiday-related spam is dropping into inboxes, usually with an inviting subject line like "$1,500 cash for Christmas," "Share a Little Magic This Christmas" and "Wanna make Christmas shopping easy?"
Colorful ads, special offers like "Buy One, Get One Free" and bogus endorsements such as "As seen on TV" all make these deals look genuine.
Sometimes, poor English is a giveaway for a scam and you may be able to spot it. The supposed sender may also look suspicious. Symantec identified names in the "From" field like "Christmas Letters from Santa," "The National Christmas Lottery" and "Fun4Kids."
The important thing is to keep your Internet security software up to date. This will identify and weed out most "spamvertising."
More Holiday Scam Info
Card scams and spam represent just a fraction of the online fraud tricks we encounter at this time of year.
To be fully alert to the risks, you might want to check out some of our previous holiday scam reports:
In addition, another leading Internet security firm, McAfee, has released a list of what it calls "The 12 Scams of Christmas."
These include phony Facebook promotions and competitions, virus-bearing holiday screensavers, seasonal ringtones that sign you up for recurring charges, bogus coupons that request personal information in return for a money-saving code, and email offers for popular but scarce gifts (which, of course, the crooks don't really have).
McAfee's key message is that with the increase in malware on smartphones and tablets, users need to exercise extreme caution with all their devices, not just their PCs, and ensure they are all protected.
Their advice is to only download apps from official stores (though this doesn't guarantee a safe product), be wary when reviewing and replying to emails, avoid too-good-to-be-true offers on social networks, and reject friendship requests on social networks from people you don't know.
Latest Spam Tricks
It's not just at Christmas time that you should be on the alert for spam, either.
The latest tricks used by spammers trying to fool victims into clicking links include:
- Using well-known names in the subject line. Most recently, we've seen messages using the names of Groupon (the online special offers discount service) and Norton (the Symantec security firm). They usually advertise products in the same way the genuine providers do -- only they never get delivered -- and the financial information you provide could be used for identity theft.
- Disguising emails to look like they're from social networks such as Facebook and LinkedIn saying you have new messages. But if you click on the link (don't!) you're delivered to a phony products website.
- Using automated software to post "comments" on individuals' blogs and websites, often with no relevance to the page contents but with links to the spammers' websites.
- Tricking users of social networking sites into doing their dirty work by forwarding spam for them. As we reported a couple of weeks back, the photo-sharing website Pinterest has become a key target, with crooks using bogus prize offers to encourage users to re-pin spam-type ads.
- Legitimate firms capturing your smartphone details and then using text messages to bombard you with offers without your approval. Some might regard this as "legal spam," since the offer is genuine, but a big restaurant company recently faced a $250 million class action suit for allegedly sending out 500,000 such texts to customers. The firm allegedly continued to send the messages even after customers asked them to stop.
In fact, the increasing use of text messages to spam is causing a real headache for regulatory authorities.
We've produced a couple of issues on this subject already:
Now the Federal Communications Commission (FCC) says it is reviewing a call to ban internet-to-phone text messaging.
According to tech expert Jeremy Kaplan, this mass-messaging is the latest trend in spamming.
In a recent interview, he said: "It isn't really all that common just yet but it's definitely the future. It's going to be happening a lot more frequently."
It's relatively easy for spammers to harvest mobile numbers, he added. "There are dozens of websites right now where you can plug in an email address to generate a phone number."
It seems unlikely, however, that the FCC would impose a blanket ban on sending multiple SMS texts via computer, since this would also affect legitimate users -- after all, it's no different to us putting multiple addresses in emails we send to friends.
This underlines the difficulty with managing and legislating against spam. And, as we know, even when laws are enacted, that doesn't stop the crooks -- the Christmas card scam is adequate proof of that.
Time to conclude for today -- have a great week!