As the holidays approach, be on alert for increased phishing attempts by Scrooges who attempt to infect your machine or steal your personal information.
Infected Christmas greetings
Websense Security Labs has issued a warning of an e-greetings campaign which sends you an animated greeting card that actually leads to a Trojan backdoor enabling access and control over the resources of your compromised machine. The spoofed email messages appear as though they have been sent from postcards.org. A URL link within the email leads to a malicious file called postcard.exe.
TIP: Suspect a scam if the greeting card doesn’t address you by name or the card sender’s name isn’t included in the body of the email. Never open a card from a generic name or someone you don’t know. If the card requires that you install a special viewer or tries to download a file to your system, treat it like a trojan. Cancel the download and scan your system with up to date antivirus software. Don’t reply using the email you received – the From address just might be bogus.
Spoofed package delivery notifications
Be on the lookout for phony FedEx and UPS e-mails describing a package delivery waiting for you. The fake emails have been reported to contain a trojan that disables firewalls, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components and provides a hacker with remote access to the compromised system.
TIP: Large companies like UPS don’t send you an executable in a zip file and rarely include attachments. FedEx and UPS tracking is done online on their website.
Holiday screensavers and games
Parents should be especially careful as many kids are home from school and busily downloading lots of Santa screen savers, holiday puzzles and games or reindeer ringtones. Many free screensavers, at a minimum, cause unwanted pop up advertising.
TIP:Check the WOT ratings on screensaver and game sites.