Fake iTunes gift certs could make for a sad Black Friday

Tomorrow is Black Friday–the official kick off of the holiday shopping frenzy here in the United States, and a day where every business in the world seems to run some sort of special deal to lure shoppers in. Malware developers are looking to get in on some of the Black Friday action as well.

The Sophos Naked Security blog reports that there are fake iTunes gift certificates being distributed via email which are actually malware-laden file attachments. The prospect of a free $50 to spend shopping on iTunes is a compelling deal for rabid Black Friday shoppers.

Given the economic malaise that continues to drag on around the world, it is easy to see why people might jump at this bait any time. When you mix it in with the avalanche of emails advertising Black Friday bargains, and the expectation that a few retailers will have awesome deals worth fighting for, it is even easier to understand why many might click on a file attachment that promises $50 to spend on iTunes.

I have paraphrased the basic guidance from Sophos–which was paraphrased from USA Today–to help you avoid suspicious or malicious Black Friday deals:

Protect Your Information

Legitimate businesses–at least reputable, respectable companies worthy of doing business with–will not ask you to share sensitive data via email, or with a link in an unsolicited email message. Any message that directs you to type your username, password, credit card or bank account numbers, Social Security number, or any other personal or sensitive information should be treated with suspicion.

Beware False Urgency

As long as there have been email spam and phishing scams, attackers have used urgency as a tactic to make people act. Think twice (or three or four times) before you click on any link or open any file attachment on an email message that implores you to act now. Generally, this is nothing more than a ploy to get you to act quickly before your common sense kicks in.

Don’t Trust Everyone

Another common tactic as old as email spam is to have the spam or phishing message come from someone you know. It may be that someone you know has been infected, and a virus or worm has infiltrated their contacts to send out messages to everyone they know in order to propagate the threat, or it may just be a case of a spam or phishing message that has spoofed the “From” information of the message to make it appear as if it is from someone you know. Either way, if it seems weird or out of character, it probably is. Don’t click a link or open a file attachment that seems suspicious just because it appears to be from someone you know.

Enjoy your Thanksgiving. If you’re one of the dedicated, intrepid shoppers who will venture out for Black Friday bargains, have fun. Just don’t be in such a hurry to get a great deal that you let down your guard and end up compromising your PC.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now