Tomorrow is Black Friday – the official kickoff of the holiday shopping frenzy here in the United States, and a day when every business in the world seems to run some sort of special deal to lure shoppers in. Malware developers are looking to get in on some of the Black Friday action as well.
The Sophos Naked Security blog reports that fake iTunes gift certificates are being distributed via email, and that they are actually malware-laden file attachments. The prospect of a free $50 to spend shopping on iTunes is a compelling deal for rabid Black Friday shoppers.
Given the economic malaise that continues to drag on around the world, it is easy to see why people might jump at this bait at any time. When you mix it in with the avalanche of emails advertising Black Friday bargains, and the expectation that a few retailers will have awesome deals worth fighting for, it is even easier to understand why many might click on a file attachment that promises $50 to spend on iTunes.
I have paraphrased the basic guidance from Sophos – which was paraphrased from USA Today – to help you avoid suspicious or malicious Black Friday deals:
Protect Your Information
Legitimate businesses – at least reputable, respectable companies worthy of doing business with – will not ask you to share sensitive data via email, or with a link in an unsolicited email message. Any message that directs you to type your username, password, credit card or bank account numbers, Social Security number, or any other personal or sensitive information should be treated with suspicion.
Beware False Urgency
For as long as there have been email spam and phishing scams, attackers have used urgency as a tactic to make people act. Think twice (or three or four times) before you click on any link or open any file attachment in an email message that implores you to act now. Generally, this is nothing more than a ploy to get you to act quickly before your common sense kicks in.
Don’t Trust Everyone
Another common tactic, as old as email spam itself, is to have the spam or phishing message come from someone you know. It may be that someone you know has been infected, and a virus or worm has infiltrated their contacts to send out messages to everyone they know in order to propagate the threat. Or it may just be a case of a spam or phishing message that has spoofed the “From” information of the message to make it appear as if it is from someone you know. Either way, if it seems weird or out of character, it probably is. Don’t click a link or open a file attachment that seems suspicious just because it appears to be from someone you know.
Enjoy your Thanksgiving. If you’re one of the dedicated, intrepid shoppers who will venture out for Black Friday bargains, have fun. Just don’t be in such a hurry to get a great deal that you let down your guard and end up compromising your PC.